DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13052>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13052 SecurityManager + req.getParameter() = "ParameterMap" class loading NoClassDefFoundError exception Summary: SecurityManager + req.getParameter() = "ParameterMap" class loading NoClassDefFoundError exception Product: Tomcat 4 Version: 4.0.4 Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Connector:Other AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] NOTE: You should add a "4.0.5 Final" Tomcat version option in Bugzilla. I have confirmed this is a bug in Tomcat 4.0.5 when run with the SecurityManager enabled (but this may have existed in older Tomcat versions). After starting the server using the HTTP/1.1 Connector, a requested servlet that calls request.getParameter() will cause Tomcat to throw a java.lang.NoClassDefFoundError exception for class "ParameterMap." This is due to the webapp code not being granted the "defineClassInPackage" RuntimePermission for org.apache.catalina.util in the "catalina.policy" file. I imagine that the best solution here is to avoid having to grant this extra permission to webapps in the policy file by simply ensuring that ParameterMap gets loaded by the "server" classloader during Tomcat initialization. This should be as simple as changing org.apache.catalina.connector.HttpRequestBase as follows: - protected ParameterMap parameters = null; + protected ParameterMap parameters = new ParameterMap(); Although the HTTP/1.1 Connector is deprecated as of Tomcat 4.1.x, the fix to this can still be made to HttpRequestBase, as it is a connector-independent base class. -Eddie ______ Example request: http://127.0.0.1:8080/examples/servlet/RequestParamExample? firstname=foo&lastname=bar" Example output (exception): <html><head><title>Apache Tomcat/4.0.5 - Error report</title><STYLE><!--H1{font- family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY {font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>Apache Tomcat/4.0.5 - HTTP Status 500 - Internal Server Error</h1><HR size="1" noshade><p><b>type</b> Exception report</p><p><b>message</b> <u>Internal Server Error</u></p><p><b>description</b> <u>The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.servlet.ServletException: Servlet execution threw an exception at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.access$000 (ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run (ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:172) at filters.ExampleFilter.doFilter(ExampleFilter.java:149) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.access$000 (ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run (ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:172) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:190) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.authenticator.AuthenticatorBase.invoke (AuthenticatorBase.java:475) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke (StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke (ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process (HttpProcessor.java:1027) at org.apache.catalina.connector.http.HttpProcessor.run (HttpProcessor.java:1125) at java.lang.Thread.run(Thread.java:484) </pre></p><p><b>root cause</b> <pre>java.lang.NoClassDefFoundError: org/apache/catalina/util/ParameterMap at org.apache.catalina.connector.HttpRequestBase.parseParameters (HttpRequestBase.java:615) at org.apache.catalina.connector.HttpRequestBase.getParameter (HttpRequestBase.java:691) at org.apache.catalina.connector.RequestFacade.getParameter (RequestFacade.java:160) at RequestParamExample.doGet(RequestParamExample.java:56) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.access$000 (ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run (ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:172) at filters.ExampleFilter.doFilter(ExampleFilter.java:149) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.access$000 (ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run (ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:172) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:190) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.authenticator.AuthenticatorBase.invoke (AuthenticatorBase.java:475) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke (StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke (ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext (StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process (HttpProcessor.java:1027) at org.apache.catalina.connector.http.HttpProcessor.run (HttpProcessor.java:1125) at java.lang.Thread.run(Thread.java:484) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
