[PATCH] Bugzilla #1002 (against CVS, this time)

Thu, 29 Mar 2001 21:27:34 -0800 

> * Deploy the struts-example application from Struts (includes Xerces
>   in WEB-INF/lib)

    That was the boost I needed.  Now I got it.
    Fortunately, it was the same problem as with m1, thus after you showed me
the systematic way to reproduce it, no problem.

    Please see the comments in StandardClassLoader, and feel free to mail me
with questions that are not covered therein.

  HTH,
  -- /v\atthew
-- 
Matthew L Daniel    Never put off until tomorrow what you can do today.
Wizard              There might be a law against it by that time.
[EMAIL PROTECTED]    -- `/usr/bin/fortune`

diff -u -r1.12 StandardClassLoader.java
--- catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java      
2001/03/06 01:43:46     1.12
+++ catalina/src/share/org/apache/catalina/loader/StandardClassLoader.java      
+2001/03/30 05:27:03
@@ -110,6 +110,7 @@
  *
  * @author Craig R. McClanahan
  * @author Remy Maucherat
+ * @author Matthew L Daniel ([EMAIL PROTECTED])
  * @version $Revision: 1.12 $ $Date: 2001/03/06 01:43:46 $
  */
 
@@ -1018,6 +1019,24 @@
                     resolveClass(clazz);
                 return (clazz);
             }
+        } catch (SecurityException se) {
+/*
+ * Q.V. Bugzilla #1002
+ *   Because of the nested nature of the classloaders, the SecurityException
+ * will be thrown if any class defined in a "Sealed" jar (for example, jaxp.jar
+ * or crimson.jar) is found in the user's WEB-INF.  This exception signals that
+ * the parent already has the class in question, and it is Sealed, so loading
+ * the user's version of that class is bad.  
+ *   The SecurityException will not be thrown if this is the first occurance of
+ * the offending class.  If the SecurityException is thrown, then we are
+ * assured (by the definition of the SecurityException) that the parent already
+ * has the "magic" version of the class in question.  Ergo, the proper course
+ * of action is to delegate the request "upstream" to our parent classloader.
+ */
+             if (debug >= 3) log(
+             "  Eating SecurityException \""+se.getMessage()+"\".\n"
+            +" Please see StandardClassLoader.loadClass comments.");
+           // fall through to parent class loader
         } catch (ClassNotFoundException e) {
             ;
         }

Reply via email to