Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 17954 invoked from network); 6 Sep 2004 20:18:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 6 Sep 2004 20:18:52 -0000 Received: (qmail 71422 invoked by uid 500); 6 Sep 2004 20:17:56 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 71391 invoked by uid 500); 6 Sep 2004 20:17:55 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 71378 invoked by uid 99); 6 Sep 2004 20:17:55 -0000 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=DNS_FROM_RFC_ABUSE,SPF_HELO_PASS X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from [206.80.109.179] (HELO mail1.yozons.com) (206.80.109.179) by apache.org (qpsmtpd/0.28) with ESMTP; Mon, 06 Sep 2004 13:17:55 -0700 Received: from rasta (soho2.yozons.com [206.80.109.178] (may be forged)) (authenticated bits=0) by mail1.yozons.com (8.12.8/8.12.8) with ESMTP id i86KHqpA004978 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for ; Mon, 6 Sep 2004 13:17:53 -0700 Message-ID: <010101c4944e$9c654920$3201a8c0@rasta> Reply-To: "David Wall" From: "David Wall" To: References: <04b601c49446$9a2787c0$0200a8c0@buzz> Subject: StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.tomcat.util.net.SSLSupport$CipherData Date: Mon, 6 Sep 2004 13:18:02 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N What do I have misconfigured to cause this security violation? I am using -security to start a security manager and the page is https secure. Using TC 5.0.27 on Redhat Linux, I received the following error in catalina.out: StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.tomcat.util.net.SSLSupport$CipherData My JSP page redirected to my error page, and this stack trace was shown: org/apache/tomcat/util/net/SSLSupport$CipherDatajava.lang.NoClassDefFoundErr or: org/apache/tomcat/util/net/SSLSupport$CipherData at org.apache.tomcat.util.net.SSLSupport.(SSLSupport.java:55) at org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize(JSSESupport.java:137) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:973) at org.apache.coyote.Request.action(Request.java:363) at org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:934) at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca de.java:214) at org.apache.jsp.login_jsp._jspService(login_jsp.java:201) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3 24) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:15 7) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter Chain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain .java:140) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:136) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext Valve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:104) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:540) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:683) at java.lang.Thread.run(Thread.java:534) Thanks, David --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org