Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Problem with JForum and Tomcat Secuirty Manager?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is this an issue? My ISP are telling me that it is not running because they have Security Manager running and it is blocking access.

They are willing to alter it if they know what they need to change...
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is this related to a problem with Freemaker and the Security Manager?
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, I need to know what error you're getting.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Full error:


HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:284)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
java.lang.Thread.run(Thread.java:595)


root cause

java.lang.NoClassDefFoundError
net.jforum.JForumCommonServlet.init(JForumCommonServlet.java:97)
net.jforum.InstallServlet.init(InstallServlet.java:70)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
java.lang.Thread.run(Thread.java:595)


note The full stack trace of the root cause is available in the Apache Tomcat/5.0.27 logs.


--------------------------------------------------------------------------------

Apache Tomcat/5.0.27
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, this line just tries to create a new instance of the class "Configuration", which is from Freemarker. I can't image why your ISP is blocking access to it, since freemarker is a very well known template engine. It does not have "security holes" or kinda.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there a standard section they can add to the catalina.policy file that would allow Freemaker 'access'?

Many thanks in advance.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, for all I have seen fo far, it should be allowed by default, not denied. Once I had a problem with an ISP which was denying access for freemarker classes to do reflection, but in that situation the error was a security exception from the security manager, no an error like NoClassDefFoundError.
This error you're having points to some failure to find freemarker's core classes - and note here that I'm assuming that you have freemarker-xxx.jar into WEB-INF/lib directory.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have copied the 'default' folder structure directly to my isp and I get this error trying to load the installation wizard page.

When I use it locally, it all works fine, therefore it is definitely something my ISP is doing, but I do not know what.

Can it be folder priviledges?


Thanks in advance
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, just make sure that the freemarker's jar file is into WEB-INF/lib

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It definitely is, but I still have this error.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Has this issue been solved? I've got a similar problem.
[originally posted on jforum.net by watermelon]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello there,

The root cause, IMO, is not a security problem but a classpath conflict. At least that's what I would think looking at the stacktrace and the root exception: java.lang.NoClassDefFoundError.

If the error is raised when trying to access the class Configuration from freemarker, I would make sure that a conflicting version of Freemarker jar files are not in the classpath. This might happen if the service provider has added Freemarker directly to the Tomcat common libraries, as some of them do to prevent people having to add them to all of their applications.

It could be another thing, but "NoClassDefFoundError" usually smells like classpath issues.

Cheers
[originally posted on jforum.net by GreenEyed]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot, GreenEyed. It does not seem to be the case though. After I added these lines to tomcat policy, it worked.

But this is absolutely not what I want. So I tried lots of other policy including what's said here: http://freemarker.sourceforge.net/docs/pgui_misc_secureenv.html
Then I had another IO permission problem in the Admin Control Panel that I couldn't fix by this:

Any thoughts about this? Thanks.
BTW, I'm using User Mode Linux, so there is no service provider involved.
[originally posted on jforum.net by watermelon]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ummm, I have to remember that security settings can throw that kind of permissions

Regarding the creation of a fine tuned security policy file, you might try to use another project from the Java Tools community: JChains.
I have never used it, the one time I did something like that I did it by hand and it was painful ;), but it supposedly shows you all the permissions you are "using" when you start your application, with all permissions granted, and then you can create a policy file with just those that were used.

Otherwise you could try to do it "by hand", using the settings -Djava.security.debug=access or something similar.

I hope it helps, good luck.

[originally posted on jforum.net by GreenEyed]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rafael Steil wrote:Well, just make sure that the freemarker's jar file is into WEB-INF/lib

Rafael


Hmmm. I've found solution to make jforum work with security manager.
Policy code is:




So there are troubles with the freemaker library.
It tries make System.getProperty with such values...
So we have that we have.
[originally posted on jforum.net by Ilya1st]
reply
    Bookmark Topic Watch Topic
  • New Topic