jBPM 3.1: ClassCastException in JBossSecurityMgrRealm
jesse_sweetland Feb 22, 2006 5:01 PMApplication Servers:
JBoss 4.0.2, JBoss 4.0.3SP1, and jBPM Starter Kit (JBoss 4.0.2)
jBPM Release:
jBPM 3.1 and jBPM 3.1 Starter Kit
Problem:
We are migrating our application from jBPM 3.0.1 to jBPM 3.1. The application successfully compiles, but when we deploy to any of the application servers mentioned above we receive the following stack trace:
10:32:36,168 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing java.lang.ClassCastException: org.jnp.interfaces.NamingContext at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
Looking at line 227 of JBossSecurityMgrRealm.java, the problem appears to happen when casting the object bound to "java:comp/env/security/securityMgr" as a SecurityManager. I removed all declarative security statements (login-config, security-constraint, etc.) from our web.xml and our application loads fine (since the realm never gets invoked).
The jBPM starter kit application runs fine, but I noticed that there are no declarative security statements in web.xml.
I also noticed that the size of the jboss-j2ee.jar in the jbpm-3.1/lib/ directory is larger than the jboss-j2ee.jar in the jboss-4.0.3SP1/server/default/lib/ directory.
Reading the JBoss classloading documentation, it seems that maybe the SecurityManager class is being loaded by a difference classloader than the object in the JNDI context noted above.
Has anyone else encountered this issue? Are there any workarounds?
Thanks,
- Jesse