0 Replies Latest reply on Apr 6, 2006 9:20 AM by Paul Sideleau

    SecurityManager - java.lang.ClassCircularityError

    Paul Sideleau Newbie

      I am running JBOSS 4.0.3SP1 with Tomcat. I am running JBOSS with a security manager. I am testing an application that still uses the servlet
      2.3 web.xml file and Apache's JSTL 1-0-5.

      My policy file has an entry like:
      grant signedby "software",
      Principal com.mypackage.MyPrincipal "Paul" {
      .... permissions.
      };

      This principal is bundled in a jar file in the web
      application's /WEB-INF/lib directory.
      I also have a security constraint defined in web.xml
      for web pages in a certain directory that require
      authorization. After logging in to access a page in
      the protected directory, I get the following
      exception:


      java.lang.ClassCircularityError: com/mypackage/MyPrincipal
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:242)
          at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1403)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1307)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1270)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1211)
          at sun.security.provider.PolicyFile.implies(PolicyFile.java:1166)
          at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
          at java.security.AccessController.checkPermission(AccessController.java:427)
          at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
          at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
          at java.io.File.exists(File.java:700)
          at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:824)
          at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:210)
          at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:293)
          at org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1699)
          at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1570)
          at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:850)
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1299)
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
          at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:242)
          at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1403)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1307)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1270)
          at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1211)
          at sun.security.provider.PolicyFile.implies(PolicyFile.java:1166)
          at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
          at java.security.AccessController.checkPermission(AccessController.java:427)
          at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
          at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
          at java.io.File.exists(File.java:700)
          at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:824)
          at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:210)
          at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:293)
          at org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1699)
          at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1570)
          at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:850)
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1299)
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
          at javax.xml.parsers.FactoryFinder.newInstance(FactoryFinder.java:88)
          at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.java:278)
          at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:185)
          at javax.xml.parsers.SAXParserFactory.newInstance(SAXParserFactory.java:107)
          at org.apache.taglibs.standard.tlv.JstlBaseTLV.validate(JstlBaseTLV.java:177)
          at org.apache.taglibs.standard.tlv.JstlCoreTLV.validate(JstlCoreTLV.java:137)
          at org.apache.jasper.compiler.TagLibraryInfoImpl.validate(TagLibraryInfoImpl.java:750)
          at org.apache.jasper.compiler.Validator.validateXmlView(Validator.java:1527)
          at org.apache.jasper.compiler.Validator.validate(Validator.java:1495)
          at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:157)
          at org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
          at org.apache.jasper.compiler.Compiler.compile(Compiler.java:267)
          at org.apache.jasper.compiler.Compiler.compile(Compiler.java:255)
          at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:556)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:293)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:585)
          at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
          at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
          at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
          at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
          at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
          at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:465)
          at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
          at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:66)
          at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:81)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:293)
          at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:362)
          at org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:211)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:134)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
          at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
          at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
          at java.lang.Thread.run(Thread.java:595)

      If I remove the entry from my policy file it works
      correctly. If I access a JSP page in the protected
      directory that does not use JSTL it works correctly. If
      I access a page with JSTL outside of the protected
      directory it works correctly. Is this a known bug or
      is my configuration possibly wrong? Or are there any code
      debugging options for tracking down a
      java.lang.ClassCircularityError exception?


      Thank you.
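
One way to pin down where a trace like the one above re-enters itself, as an added example that is not part of the original post: the script collapses the wrapped `at` lines, then reports the frame sequence that repeats at the top of the stack and the call below the repeats that started the first pass. The sample trace is a constructed, abridged copy of the posted one, and `parse_frames` and `find_reentry` are names chosen here.

```python
import re

# Constructed sample: abridged from the post's trace (same frame order, frames
# dropped), keeping the extraction quirk of "at" sitting on its own line.
SAMPLE = """\
java.lang.ClassCircularityError: com/mypackage/MyPrincipal
at java.lang.Class.forName(Class.java:242)
at
sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1403)
at
java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
at java.lang.Class.forName(Class.java:242)
at
sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1403)
at
java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
at
javax.xml.parsers.FactoryFinder.newInstance(FactoryFinder.java:88)
"""

FRAME = re.compile(r"\bat\s+([\w.$<>]+)\(")

def parse_frames(text):
    """Return 'pkg.Class.method' frames, innermost first, ignoring line wraps."""
    return FRAME.findall(" ".join(text.split()))

def find_reentry(frames, min_repeat=3):
    """Find a call sequence at the top of the stack that repeats further down.
    Returns (cycle, trigger): one pass of the repeated sequence and the first
    frame below the repeats (the call that started it), or ([], None)."""
    for period in range(1, len(frames)):
        n = 0
        while period + n < len(frames) and frames[n] == frames[period + n]:
            n += 1
        if n >= min_repeat:
            below = period + n
            return frames[:period], frames[below] if below < len(frames) else None
    return [], None

if __name__ == "__main__":
    cycle, trigger = find_reentry(parse_frames(SAMPLE))
    print("started by:", trigger, "| re-entered through:", " <- ".join(cycle))
```

Run against the full trace, the repeated sequence is the path from `PolicyFile.addPermissions` through `SecurityManager.checkRead` and `WebappClassLoader.loadClass` back to `Class.forName`.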