This only occurs when Tomcat is started without a SecurityManager and
then later application code sets a SecurityManager.

Please see the following bug report for an explanation of why
that is not a good thing to do:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7052

Thanks for taking the time to analyze how this works but the
behaviour will not be changed.

Glenn

On Thu, Mar 04, 2004 at 11:46:31AM +0200, Matti Härö wrote:
> Hi,
> 
> the patch below fixes a bug that occasionally causes a NullPointerException in
> the loadClass() method. The problem was caused by the way the system security
> manager was used in this class. For checking if there is a security manager, and
> then using the security manager for checking the access, two (potentially
> different) security managers were used. Checking for the existence of a security
> manager was done by System.getSecurityManager(). Then inside the if block, a
> reference to a class private variable securityManager was used.
> 
> The private variable securityManager had been set in the constructor of the
> JasperLoader instance, and was often different from the one used in the
> loadClass() method for checking if there was a securityManager. More
> specifically, the private attribute securityManager was often null, while
> System.getSecurityManager() returned a non-null value in the loadClass() method.
> This in turn caused loadClass() to throw a NullPointerException.
> 
> Mr Matti Haro
> 
> --- JasperLoader.java       2004-03-04 08:57:52.000000000 +0200
> +++
> ./tomcat-5-0-19-src/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java
>    2004-03-04 08:59:43.000000000 +0200
> @@ -75,6 +75,7 @@
>   * @author Anil K. Vijendran
>   * @author Harish Prabandham
>   * @author Jean-Francois Arcand
> + * @author Matti Haro
>   */
>  public class JasperLoader extends URLClassLoader {
> 
> @@ -82,7 +83,6 @@
>      private CodeSource codeSource;
>      private String className;
>      private ClassLoader parent;
> -    private SecurityManager securityManager;
>      private PrivilegedLoadClass privLoadClass;
> 
>      public JasperLoader(URL[] urls, ClassLoader parent,
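
Review bot: dropping the `securityManager` field in this hunk is only safe if the `(.5)` block in loadClass() was its sole reader, and the patch does not show that. Please confirm that no other method in JasperLoader, including the PrivilegedLoadClass helper created in the constructor, still refers to the field, otherwise the class will no longer compile.
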
> @@ -93,7 +93,6 @@
>         this.codeSource = codeSource;
>         this.parent = parent;
>          this.privLoadClass = new PrivilegedLoadClass();
> -       this.securityManager = System.getSecurityManager();
>      }
> 
>      /**
> @@ -147,8 +146,9 @@
>                  resolveClass(clazz);
>              return (clazz);
>          }
> -
> +
>          // (.5) Permission to access this class when using a SecurityManager
> +        SecurityManager securityManager = System.getSecurityManager();
>          if (securityManager != null) {
>              int dot = name.lastIndexOf('.');
>              if (dot >= 0) {
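
Review bot: the `-`/`+` pair on the blank line above the `(.5)` comment changes only whitespace and should be dropped so the hunk carries just the fix. For the added `SecurityManager securityManager = System.getSecurityManager();`, reading the manager once into a local and testing that same reference in `if (securityManager != null)` removes the check/use mismatch; consider declaring the local `final` and extending the `(.5)` comment to state that the manager is looked up on every loadClass() call, since this also means a manager installed after the loader was constructed is now applied here.
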
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
----------------------------------------------------------------------
Glenn Nielsen             [EMAIL PROTECTED] | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------
