Need help: SignedObject.getObject() in servlet
vng78 Feb 12, 2004 12:54 PMAll,
I have a very frustrating problem with (I think) ClassLoader. I have searched through the Forums, browsed more than 20 pages and found no satisfactory solution. I'm using JBoss 3.2.3. Here's the thing:
First, I have a servlet in which I get a SignedObject from MySQL BLOB and retrieve the actual object from the SignedObject:
SignedObject so = helper.retrieveSignedObject();
if(verify(so)) {
SecureKey key = so.getObject();
...
Now, the helper class successfully retrieves the SignedObject and verify() returns true so my key should be alright. Next, the call so.getObject() just fails immediately spewing:
2004-02-13 04:51:38,842 ERROR [STDERR] Error in initializeKeyObject(): The key class cannot be found.
2004-02-13 04:51:38,842 ERROR [STDERR] java.lang.ClassNotFoundException: No ClassLoaders found for: SecureKey
2004-02-13 04:51:38,842 ERROR [STDERR] at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:241)
2004-02-13 04:51:38,842 ERROR [STDERR] at org.jboss.mx.loading.UnifiedClassLoader3.loadClassImpl(UnifiedClassLoader3.java:169)
2004-02-13 04:51:38,842 ERROR [STDERR] at org.jboss.mx.loading.UnifiedClassLoader3.loadClass(UnifiedClassLoader3.java:123)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.lang.Class.forName0(Native Method)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.lang.Class.forName(Class.java:207)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:551)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1503)
2004-02-13 04:51:38,842 ERROR [STDERR] at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1425)
2004-02-13 04:51:38,858 ERROR [STDERR] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1616)
2004-02-13 04:51:38,858 ERROR [STDERR] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1264)
2004-02-13 04:51:38,858 ERROR [STDERR] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:322)
2004-02-13 04:51:38,858 ERROR [STDERR] at java.security.SignedObject.getObject(SignedObject.java:161)
2004-02-13 04:51:38,858 ERROR [STDERR] at 2004-02-13 04:51:38,858 ERROR [STDERR] at psms.web.proxy.ProxyServlet.doGet(Unknown Source)
2004-02-13 04:51:38,858 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
2004-02-13 04:51:38,858 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
And at the very top of the log, I saw that there was no ClassLoader for SecureKey. I would deeply appreciate if anyone could at least give me a hint what was wrong. I read about getting the ClassLoader from current Thread and stuff like that but I can't force java.security.SignedObject to use a specific ClassLoader during the getObject(), can I?
I saw some code by Scott where he wrote a Servlet that accesses WEB-INF/classes using Class.forName(). I tried it and I could get my SecureKey class but when I use newInstance() on it, it threw InstantiationException. Well...
My ear structure is as follows:
EAR
+--- ejb.jars
+--- war
+---- WEB-INF/lib/secure.jar
+---- WEB-INF/classes/.class
The SecureKey class is in secure.jar and is only used in the servlet.
If this is a ClassLoader and the way I package my WAR and the secure.jar library, please point me to a tutorial on the relationship between ClassLoader and WAR packaging. I would appreciate if someone could shed some light on this.
thanks
Vince