Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Users, when I run TOMCAT using -security option on Java 1.6 jdk, I get following error. I added policy definitions for all properities, oraclejars and JNDIpermission for the context. org.apache.jasper.JasperException: java.lang.ArrayIndexOutOfBoundsException: -1 org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:517) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) root cause java.lang.ArrayIndexOutOfBoundsException: -1 oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942) oracle.jdbc.driver.T4CTTIoauthenticate.(T4CTTIoauthenticate.java:221) oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:358) oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:508) oracle.jdbc.driver.T4CConnection.(T4CConnection.java:203) oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33) oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510) oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:275) oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:206) xxx.yyy.CPC.data.DAOUtil.getConnection(Unknown Source) xxx.yyy.CPC.logging.LogDAO.createLog(Unknown Source) xxx.yyy.CPC.logging.DBLogger.db(Unknown Source) org.apache.jsp.CPC.Default_jsp._jspService(Default_jsp.java:90) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:517) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) when I run the similar program outside tomcat with -security it runs fine. any thoughts -suresh -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28333480.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher i have attached a copy of the policy file. yes that is true but the command line application includes the security manager with equivalent policy, Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception Some other app + Oracle JDBC Driver = no exception I am running oracle jdbc thin driver ConnectionPool http://old.nabble.com/file/p28334465/catalina.policy.2 catalina.policy.2 "11.1.0.7.0-Produ" The web application works fine without the security manager. Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Suresh, > > On 4/22/2010 3:19 PM, suresht wrote: >> when I run TOMCAT using -security option on Java 1.6 jdk, I get following >> error. I added policy definitions for all properities, oraclejars and >> JNDIpermission for the context. > > Care to share those policy definitions? > >> java.lang.ArrayIndexOutOfBoundsException: -1 >> >> oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942) > > Are you running the latest version of Oracle's JDBC driver? > >> when I run the similar program outside tomcat with -security it runs >> fine. any thoughts > > Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception > Some other app + Oracle JDBC Driver = no exception > > There are very few common terms in those two equations. Are you sure > they have any relation to one another? > > For instance, are you running your "similar program" with the same > policy file? Are you running through the same code that your webapp does? > > You never said whether your webapp works properly without the > SecurityManager installed. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvQtFcACgkQ9CaO5/Lv0PDm2QCbBZChSL7huRcZS18GvFBFCTza > 1BUAn1WGlfBSYbboiHeZNbC/GqxcNzDP > =zOZB > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28334465.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher, I see a char array being set to a number. charstring1[charstring1-1] = 0; Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Suresh, > > On 4/22/2010 4:51 PM, suresht wrote: >> i have attached a copy of the policy file. > > It was stripped by the list. > >> yes that is true but the command line application includes the security >> manager with equivalent policy > > Ok. > >> The web application works fine without the security manager. > > Since the error occurs in the JDBC driver, I would imagine that the > problem is there: the driver is not properly checking array bounds when > accessing a String. > > Now, more than likely it's some String that is no longer available due > to the presence of the SecurityManager, but we'll never know what the > "real" problem is until we can get a report of what String the driver > can't read properly. > > Do you have the source code of the JDBC driver? Can you decompile it to > find out what is blowing up? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvQvccACgkQ9CaO5/Lv0PDqXQCfT5BcPuXT2qaKp4ZCChMsBrKy > Ex4AnikHuVhogRnOM8HW0y3cx9TjqRWu > =4vR2 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28336163.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
The problem was with oracle jar in {catalina.base}\lib dir was getting called
with \ at the start. When I added the AllProperty policy rule for that
\file:{catalina.base}\lib\- . this error went away.
suresht wrote:
>
> hi Christopher,
> I see a char array being set to a number.
> charstring1[charstring1-1] = 0;
>
>
>
> Christopher Schultz-2 wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Suresh,
>>
>> On 4/22/2010 4:51 PM, suresht wrote:
>>> i have attached a copy of the policy file.
>>
>> It was stripped by the list.
>>
>>> yes that is true but the command line application includes the security
>>> manager with equivalent policy
>>
>> Ok.
>>
>>> The web application works fine without the security manager.
>>
>> Since the error occurs in the JDBC driver, I would imagine that the
>> problem is there: the driver is not properly checking array bounds when
>> accessing a String.
>>
>> Now, more than likely it's some String that is no longer available due
>> to the presence of the SecurityManager, but we'll never know what the
>> "real" problem is until we can get a report of what String the driver
>> can't read properly.
>>
>> Do you have the source code of the JDBC driver? Can you decompile it to
>> find out what is blowing up?
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.10 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkvQvccACgkQ9CaO5/Lv0PDqXQCfT5BcPuXT2qaKp4ZCChMsBrKy
>> Ex4AnikHuVhogRnOM8HW0y3cx9TjqRWu
>> =4vR2
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>
>
--
View this message in context:
http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28343771.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher
The problem was that there was attempt to access
\c:\{$catalina.base}\lib\ojdbc6.jar rather than
c:\{$catalina.base}\lib\ojdbc6.jar. when I added new rule the error went
away.
-suresh
Christopher Schultz-2 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Suresh,
>
> On 4/22/2010 8:33 PM, suresht wrote:
>> I see a char array being set to a number.
>> charstring1[charstring1-1] = 0;
>
> That's obviously not actual code. Can you decompile or otherwise browse
> the source of the method where the exception occurs?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkvRzTEACgkQ9CaO5/Lv0PAthQCdFUlvrW4VgDC5M3qc8Lpklc+9
> sC4Anjmgu+jgXzjwgYFDsK+t8g3/ggEh
> =ByKq
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
--
View this message in context:
http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28343802.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
