tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <Jeanfrancois.Arc...@Sun.COM>
Subject Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
Date Fri, 16 Apr 2004 21:52:36 GMT


John H wrote:

>Thanks for the replies.
>
>I've tried some of the suggestions, and I guess I've hit a wall again.
>
>>>From what I'm seeing, in order extend RealmBase/GenericPrincipal, your class
>MUST exist in server/lib (given the default configuration). I see no other
>way, unless I'm missing something. RealmBase is in catalina.jar, which is in
>server/lib and is in the catalina classloader. In order for a class to
>extend this, it too must be in the catalina classloader.
>
>I tried this modification to catalina.properties:
>
>common.loader=${catalina.base}/common/classes,${catalina.base}/common/endors
>ed/*.jar,
>${catalina.base}/common/lib/*.jar,${catalina.base}/server/classes,${catalina
>.base}/server/lib/*.jar
>
>(note my extension classes are in bbarealm.jar, which is in server/lib)
>
>Withouth making any more changes (other than moving tomcat's jar's back to
>their original locations), this worked. This seems exactly like moving all
>the files from server/lib (including my bbarealm.jar) to common/lib, though.
>
>Then I tried this: I moved my bbarealm.jar to shared/lib (making it visible
>to the apps), changed the common loader back to it's original form, and
>added
>${catalina.home}/shared/lib/bbarealm.jar to the sever.loader line. This
>results in a NCDF for org.apache.catalina.realm.RealmBase
>  
>
Strange....Let me investigate :-)

Have you tried the privileged attribute in context.xml instead? I'm 
confident it will work for what you are trying to do.

>*pulls hair* I'm not sure how catalina.policies is going to help me. This
>isn't an priviledges issue. It's a classloader issue. The only classloader
>that seems to allow me to extend RealmBase/GenericPrincipal is the catalina
>classloader, and can't see a way to add a class to this classloader (other
>than sticking it in server/lib, which makes it invisible to my apps!). There
>is no 'catalina.loader' line in catalina.properties.
>  
>
Yes, but if all the web app you are deploying needs to have the 
privileged attribute, then you might want to turn on the SecurityManager.

-- Jeanfrancois

>*sigh* Any thoughts?
>
>----- Original Message ----- 
>From: "Jeanfrancois Arcand" <jfarcand@apache.org>
>To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>Sent: Thursday, April 15, 2004 2:55 PM
>Subject: Re: Extending GenericPrincipal/RealmBase: Essentially a classloader
>question
>
>
>  
>
>>John H wrote:
>>
>>    
>>
>>>HI all,
>>>
>>>He have implemented our own realm and principal buy extending
>>>      
>>>
>org.apache.catalina.realm.RealmBase and GenericPrincipal.
>  
>
>>>(Using TC5.0.19 on Solaris and Windows. Realm defined in <Context>.)
>>>
>>>By doing this, however, we've got ourselves into sort of a catch 22 in
>>>      
>>>
>terms of classloading. Hopefully someone can offer some assistance.
>  
>
>>>I've referenced the Class Loader HOW-TO at
>>>      
>>>
>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html, so
>I'll use it's terminology.
>  
>
>>>RealmBase and GenericPrincipal are located in catalina.jar, which resides
>>>      
>>>
>physically in server/lib. The howo defines this jar as in the Catalina class
>loader. The definition says that the Catalina classes are totally invisible
>to web applications, which seems true enough. In order to extend these, I
>must locate my jar in server/lib. So far so good.
>  
>
>>>The problem is that I need to use my extension of GenericPrincipal within
>>>      
>>>
>my webapps.
>  
>
>>>I tried moving my jar to common/lib, since, according to the parent tree
>>>      
>>>
>in the howto, it is visible to both the Catalina branch and the webapp
>branch. Doing this causes a NoClassDefFoundError for GenericPrincipal.
>Apparently since the Catalina classloader is below the common classloader,
>it can't find GenericPrincipal.
>  
>
>>>The only solution that appears to work is moving the entire contents of
>>>      
>>>
>server/lib to common/lib, essentially 'promoting' all of the classes
>normally in the Catalina class loader to the common class loader.
>  
>
>>>Is this the best solution? It seems to me that I should be able to extend
>>>      
>>>
>RealmBase/GenericPrincipal without having to move jars around.
>  
>
>>>Any ideas?
>>>
>>>
>>>      
>>>
>>One way will be to define, in your context.xml, the attribute
>>privileged="true". This will give the web app access to all the
>>server/lib classes (but that's not secure since your web app can play
>>with the catalina internal).
>>
>>If you can turn the SecurityManager on, then  what you can do after is
>>turning it on (this will protected all catalina classes from package
>>definition/insertion....see catalina.properties for the list of
>>protection), you can then add your web app codebase in the
>>catalina.policy so only your web app will be able to use the catalina.jar.
>>
>>I don't see any other way to achieve what you want to do.
>>
>>-- Jeanfrancois
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message