tomcat-users mailing list archives

From Chris Cheshire <yahoono...@gmail.com>
Subject Re: classloader issue with bouncycastle
Date Wed, 18 Oct 2017 16:06:14 GMT
On Wed, Oct 18, 2017 at 11:31 AM, Konstantin Kolinko
<knst.kolinko@gmail.com> wrote:
> 2017-10-18 17:56 GMT+03:00 Chris Cheshire <yahoonomas@gmail.com>:
>> Using bouncy castle v1.58, Tomcat 8.5, java 1.8.
>>
>> I have the unlimited security policy files installed, the BC jars in
>> my WEB-INF/lib directory and in order to register the BC provider, I
>> do
>>
>> static {
>>     Security.addProvider(new BouncyCastleProvider());
>> }
>>
>> in a utility class that handles the keyring
>> setup/encryption/decryption methods for me. This works great until I
>> update the jar that contains my utility class and reload the webapp.
>> Then I get an exception thrown from it being unable to locate the BC
>> provider.
>>
>> mypackage.crypto.CryptoException:
>> org.bouncycastle.openpgp.PGPException: exception on setup:
>> java.security.NoSuchAlgorithmException: class configured for
>> MessageDigest (provider: BC) cannot be found.
>> [...]
>> Caused by: java.lang.ClassNotFoundException: Illegal access: this web
>> application instance has been stopped already.
>
>
>> If I move the call
>>
>> Security.addProvider(new BouncyCastleProvider())
>>
>> into the contextInitialized() method of a ServletContextListener,
>> everything works on reloading a webapp, no matter what classes or jars
>> I update.
>>
>> Can someone explain why the static initializer breaks down here please?
>
>
> The "Illegal access: this web application instance has been stopped
> already." exception is the expected behaviour.
>
> Please see "Memory Leaks" presentation (2010) by markt here:
> http://tomcat.apache.org/presentations.html
>
> and
> http://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html
>

Ahhh this explains it somewhat. I was wondering why I was seeing
"application already stopped" errors when the application was clearly
still running. This error is actually referring to the classloader
instance before the reload?

>
> (Maybe moving the BC.jar and its dependencies to ${catalina.home}/lib
> is sufficient to fix your issue. A more robust solution is to move the
> initialization code as well to some listener configured in
> server.xml).
>

Assuming you mean web.xml here using a ServletContextListener? This is
what I have changed to already. Should I also be doing a
Security.removeProvider() in the contextDestroyed() method of the
listener?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
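
The listener approach discussed in this message, sketched as an added example; it is not code from the thread or from the Tomcat or Bouncy Castle projects. The package and class names are hypothetical, and the sketch assumes the Servlet 3.0+ `javax.servlet` API used by Tomcat 8.5 and that at most one webapp in the JVM bundles BC in its own WEB-INF/lib. Whether removal in contextDestroyed() is required is not answered on this page; the sketch removes only the instance this webapp registered, because the `java.security.Security` provider list is JVM-wide and outlives a webapp reload.

```java
package example; // hypothetical package name

import java.security.Provider;
import java.security.Security;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@WebListener // or declare the listener in web.xml
public class BcProviderListener implements ServletContextListener {

    // The provider instance this webapp registered, if any.
    private Provider registered;

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        String name = BouncyCastleProvider.PROVIDER_NAME; // "BC"
        Provider existing = Security.getProvider(name);
        ClassLoader visible = BouncyCastleProvider.class.getClassLoader();

        if (existing != null && existing.getClass().getClassLoader() == visible) {
            // Already registered from the loader this webapp resolves BC from
            // (for example BC placed in ${catalina.home}/lib): leave it alone.
            return;
        }
        if (existing != null) {
            // A "BC" provider defined by some other classloader, such as the
            // stopped instance of this webapp from before a reload.
            // Assumption: no other live webapp depends on that instance.
            Security.removeProvider(name);
        }
        Provider fresh = new BouncyCastleProvider();
        if (Security.addProvider(fresh) != -1) { // -1: name already installed
            registered = fresh;
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        String name = BouncyCastleProvider.PROVIDER_NAME;
        // Remove only the exact instance added above, so the JVM-wide list
        // does not keep a provider whose classes belong to a stopped loader.
        if (registered != null && Security.getProvider(name) == registered) {
            Security.removeProvider(name);
        }
        registered = null;
    }
}
```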

