Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Tomcat Users »

Re: java.lang.ClassCircularityError

Jean-Francois Arcand

2004-05-19

Replies:



Viktor Matic wrote:

>We are getting java.lang.ClassCircularityError on the Tomcat 5.0.x (we
>have tested the same code on a following releases 5.0.18, 5.0.19 and
>5.0.24). The java source code, which we have used for the testing
>purposes, consists of the servlet which use our custom implementation of
>the java.security.Policy to test user rights to execute action.
>This code pass JUnit tests and works fine if it is called isolated out
>of the Tomcat (called through class with the main method). It also works
>fine on Tomcat 4.1.30.
>Since improvement list for Tomcat 5.0.x states that Security Manager
>support is enhanced from 4.1.x release maybe there is something we are
>missing to implement or maybe there is a new bug in the catalina class
>loader when it is used with java.security.manager. It is important to
>state that out application sets our policy (Policy.setPolicy(new
>OurPolicy())). We are pretty sure that we have configured Tomcat
>properly because everything works fine on older Tomcat.
>
>
Well, take a look at org.apache.catalina.security.SecurityUtil. I am
setting the Subject/AccessControlContext there. I think that might cause
your problem, but I need more info ;-). AnybodyPrincipal is trying to do
what?

-- Jeanfrancois


>Here is error stack trace:
>
>root cause:
>java.lang.ClassCircularityError: com/ingemark/security/AnybodyPrincipal
>  com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65)
>  com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89)
>  com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67)
>  com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105)
>  com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72)
>  com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
>  java.security.Policy.implies (Policy.java:397)
>  java.security.ProtectionDomain.implies (ProtectionDomain.java:189)
>  java.security.AccessControlContext.checkPermission (AccessControlContext.java:254)
>  java.security.AccessController.checkPermission (AccessController.java:401)
>  java.lang.SecurityManager.checkPermission (SecurityManager.java:524)
>  java.lang.SecurityManager.checkRead (SecurityManager.java:863)
>  java.io.File.exists (File.java:678)
>  org.apache.naming.resources.FileDirContext.file (FileDirContext.java:826)
>  org.apache.naming.resources.FileDirContext.lookup (FileDirContext.java:208)
>  org.apache.naming.resources.ProxyDirContext.lookup (ProxyDirContext.java:287)
>  org.apache.catalina.loader.WebappClassLoader.findResourceInternal (WebappClassLoader.java:1707)
>  org.apache.catalina.loader.WebappClassLoader.findClassInternal (WebappClassLoader.java:1575)
>  org.apache.catalina.loader.WebappClassLoader.findClass (WebappClassLoader.java:860)
>  org.apache.catalina.loader.WebappClassLoader.loadClass (WebappClassLoader.java:1307)
>  org.apache.catalina.loader.WebappClassLoader.loadClass (WebappClassLoader.java:1189)
>  java.lang.ClassLoader.loadClassInternal (ClassLoader.java:302)
>  com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65)
>  com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89)
>  com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67)
>  com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105)
>  com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72)
>  com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
>  java.security.Policy.implies (Policy.java:397)
>  java.security.ProtectionDomain.implies (ProtectionDomain.java:189)
>  java.security.AccessControlContext.checkPermission (AccessControlContext.java:254)
>  java.security.AccessController.checkPermission (AccessController.java:401)
>  com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207)
>  java.security.AccessController.doPrivileged(Native Method)
>  javax.security.auth.Subject.doAsPrivileged (Subject.java:437)
>  com.ingemark.experiments.ServletSec.service(ServletSec.java:181)
>  javax.servlet.http.HttpServlet.service (HttpServlet.java:810)
>  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
>  sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
>  java.lang.reflect.Method.invoke (Method.java:324)
>  org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
>  java.security.AccessController.doPrivileged(Native Method)
>  javax.security.auth.Subject.doAsPrivileged (Subject.java:500)
>  org.apache.catalina.security.SecurityUtil.execute (SecurityUtil.java:263)
>  org.apache.catalina.security.SecurityUtil.doAsPrivilege (SecurityUtil.java:157)
>
>
>I will be happy to present this problem in more details if somebody can
>recognize familiar topic in this post.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)
>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)

©2008 junlu.com - Jax Systems, LLC, U.S.A.