Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Problem with JForum and Tomcat Secuirty Manager?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is this an issue? My ISP are telling me that it is not running because they have Security Manager running and it is blocking access.

They are willing to alter it if they know what they need to change...
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is this related to a problem with Freemaker and the Security Manager?
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, I need to know what error you're getting.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Full error:


HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:284)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
java.lang.Thread.run(Thread.java:595)


root cause

java.lang.NoClassDefFoundError
net.jforum.JForumCommonServlet.init(JForumCommonServlet.java:97)
net.jforum.InstallServlet.init(InstallServlet.java:70)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
java.lang.Thread.run(Thread.java:595)


note The full stack trace of the root cause is available in the Apache Tomcat/5.0.27 logs.


--------------------------------------------------------------------------------

Apache Tomcat/5.0.27
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, this line just tries to create a new instance of the class "Configuration", which is from Freemarker. I can't image why your ISP is blocking access to it, since freemarker is a very well known template engine. It does not have "security holes" or kinda.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a standard section they can add to the catalina.policy file that would allow Freemaker 'access'?

Many thanks in advance.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, for all I have seen fo far, it should be allowed by default, not denied. Once I had a problem with an ISP which was denying access for freemarker classes to do reflection, but in that situation the error was a security exception from the security manager, no an error like NoClassDefFoundError.
This error you're having points to some failure to find freemarker's core classes - and note here that I'm assuming that you have freemarker-xxx.jar into WEB-INF/lib directory.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have copied the 'default' folder structure directly to my isp and I get this error trying to load the installation wizard page.

When I use it locally, it all works fine, therefore it is definitely something my ISP is doing, but I do not know what.

Can it be folder priviledges?


Thanks in advance
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, just make sure that the freemarker's jar file is into WEB-INF/lib

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It definitely is, but I still have this error.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Has this issue been solved? I've got a similar problem.
[originally posted on jforum.net by watermelon]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello there,

The root cause, IMO, is not a security problem but a classpath conflict. At least that's what I would think looking at the stacktrace and the root exception: java.lang.NoClassDefFoundError.

If the error is raised when trying to access the class Configuration from freemarker, I would make sure that a conflicting version of Freemarker jar files are not in the classpath. This might happen if the service provider has added Freemarker directly to the Tomcat common libraries, as some of them do to prevent people having to add them to all of their applications.

It could be another thing, but "NoClassDefFoundError" usually smells like classpath issues.

Cheers
[originally posted on jforum.net by GreenEyed]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot, GreenEyed. It does not seem to be the case though. After I added these lines to tomcat policy, it worked.

But this is absolutely not what I want. So I tried lots of other policy including what's said here: http://freemarker.sourceforge.net/docs/pgui_misc_secureenv.html
Then I had another IO permission problem in the Admin Control Panel that I couldn't fix by this:

Any thoughts about this? Thanks.
BTW, I'm using User Mode Linux, so there is no service provider involved.
[originally posted on jforum.net by watermelon]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ummm, I have to remember that security settings can throw that kind of permissions

Regarding the creation of a fine tuned security policy file, you might try to use another project from the Java Tools community: JChains.
I have never used it, the one time I did something like that I did it by hand and it was painful ;), but it supposedly shows you all the permissions you are "using" when you start your application, with all permissions granted, and then you can create a policy file with just those that were used.

Otherwise you could try to do it "by hand", using the settings -Djava.security.debug=access or something similar.

I hope it helps, good luck.

[originally posted on jforum.net by GreenEyed]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Rafael Steil wrote:Well, just make sure that the freemarker's jar file is into WEB-INF/lib

Rafael


Hmmm. I've found solution to make jforum work with security manager.
Policy code is:




So there are troubles with the freemaker library.
It tries make System.getProperty with such values...
So we have that we have.
[originally posted on jforum.net by Ilya1st]
 
The airline is called "Virgin"? Don't you want a plane to go all the way? This tiny ad will go all the way:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic