Hi Ralph,
Any chance for an RC this weekend?
Gary
On Wed, Oct 15, 2014 at 11:21 AM, Ralph Goers <***@dslextreme.com>
wrote:
> I think we should. I donât think that is a blocker for a release though.
>
> I have taken Mattâs suggestion and changed to use defaultThreadPool(). It
> seems to work fine in my limited testing. It allowed the Tomcat that was
> failing to start up to now start logging correctly. My Tomcat webapp in my
> test VM also started and shutdown correctly - although it just uses the
> default Tomcat configuration which, I believe, has no security manager.
>
> Hopefully I can get the release started tonight after work. That depends
> on how the day goes though.
>
> Ralph
>
> On Oct 15, 2014, at 7:49 AM, Gary Gregory <***@gmail.com> wrote:
>
> Should we include a Tomcat policy file as a sample in the distro?
>
> Gary
>
> On Wed, Oct 15, 2014 at 2:09 AM, Ralph Goers <***@dslextreme.com>
> wrote:
>
>> Well this is downright interesting. I started Tomcat 7 using
>> â./startup.sh -securityâ and both manager and host-manager failed to start,
>> although not with access control or security exceptions. The web app with
>> Log4j did fail to start but it failed differently. In this case I think we
>> would need to require that the catalina policy file be updated as not being
>> able to get a ClassLoader is going to break everything. I do notice that
>> catalina.policy has a bunch of permissions for JULI, including
>> setContextClassLoader.
>>
>> I think we need to document what permissions we require.
>>
>> Ralph
>>
>> SEVERE: ContainerBase.addChild: start:
>> org.apache.catalina.LifecycleException: Failed to start component
>> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/eztax]]
>> at
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
>> at
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
>> at
>> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>> at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>> at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
>> at
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
>> at
>> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1083)
>> at
>> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1880)
>> at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.lang.ExceptionInInitializerError
>> at
>> org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:55)
>> at
>> org.apache.logging.log4j.web.Log4jServletContainerInitializer.<clinit>(Log4jServletContainerInitializer.java:37)
>> at java.lang.Class.forName0(Native Method)
>> at java.lang.Class.forName(Class.java:270)
>> at
>> org.apache.catalina.startup.WebappServiceLoader.loadServices(WebappServiceLoader.java:187)
>> at
>> org.apache.catalina.startup.WebappServiceLoader.load(WebappServiceLoader.java:152)
>> at
>> org.apache.catalina.startup.ContextConfig.processServletContainerInitializers(ContextConfig.java:1546)
>> at
>> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1268)
>> at
>> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:876)
>> at
>> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:374)
>> at
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>> at
>> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>> at
>> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5378)
>> at
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>> ... 14 more
>> Caused by: java.security.AccessControlException: access denied
>> ("java.lang.RuntimePermission" "getClassLoader")
>> at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
>> at
>> java.security.AccessController.checkPermission(AccessController.java:559)
>> at
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>> at
>> java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1561)
>> at
>> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1480)
>> at
>> org.apache.logging.log4j.util.LoaderUtil.findUrlResources(LoaderUtil.java:192)
>> at
>> org.apache.logging.log4j.util.LoaderUtil.findResources(LoaderUtil.java:183)
>> at
>> org.apache.logging.log4j.util.PropertiesUtil.<init>(PropertiesUtil.java:90)
>> at
>> org.apache.logging.log4j.util.PropertiesUtil.<clinit>(PropertiesUtil.java:36)
>> ... 28 more
>>
>>
>>
>>
>>
>> On Oct 14, 2014, at 10:07 PM, Ralph Goers <***@dslextreme.com>
>> wrote:
>>
>> See the javadoc for Executors.privilegedThreadFactory(). It is documented
>> as checking for that permission and throwing an AccessControlException.
>> Since it is called in the constructor of DefaultShutdownCallbackRegistry it
>> definitely has the potential for throwing an exception, which then causes
>> log4j initialization to fail. That just isnât acceptable.
>>
>> Ralph
>>
>>
>> On Oct 14, 2014, at 9:45 PM, Matt Sicker <***@gmail.com> wrote:
>>
>> We never use setContextClassLoader though. I'm not sure why that security
>> exception appears. I don't think there's any harm in fixing that.
>>
>> On 14 October 2014 22:59, Ralph Goers <***@dslextreme.com> wrote:
>>
>>> Well darn. Matt put an Assert.requiredNonNull on the Registry in
>>> Log4jContextFactory. So even if the exception is caught it canât be
>>> ignored. Unless I can find a way around this that commit is going to have
>>> to be reverted.
>>>
>>> Ralph
>>>
>>> On Oct 14, 2014, at 7:57 PM, ralph.goers @dslextreme.com <
>>> ***@dslextreme.com> wrote:
>>>
>>> I have an app that I was able to run successfully on a vanilla Tomcat. I
>>> need to check the security settings on te server. Regardless, this should
>>> not cause initialization to fail.
>>>
>>> Ralph
>>>
>>> On Tuesday, October 14, 2014, Gary Gregory <***@gmail.com>
>>> wrote:
>>>
>>>> IIRC, it looks something Matt was working on recently and he did
>>>> mention working through security issues. Hopefully he will see this message
>>>> and can help out.
>>>>
>>>> It sounds like we need at last one integration tests for Tomcat...
>>>>
>>>> Gary
>>>>
>>>> On Tue, Oct 14, 2014 at 8:30 PM, Ralph Goers <
>>>> ***@dslextreme.com> wrote:
>>>>
>>>>> I am having a bit of trouble with the latest code. Log4j wonât start
>>>>> in tomcat due to a security violation. I am not going to go forward with
>>>>> the release until I can determine what the problem is and fix it.
>>>>>
>>>>> Ralph
>>>>>
>>>>> ERROR StatusLogger Unable to create class org.apache.logging.log4j.core.impl.Log4jContextFactory specified in jar:file:/usr/local/jakarta-tomcat/webapps/NextivaDriveBilling/WEB-INF/lib/log4j-core-2.1-SNAPSHOT.jar!/META-INF/log4j-provider.properties java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)
>>>>> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
>>>>> at java.util.concurrent.Executors$PrivilegedThreadFactory.<init>(Executors.java:563)
>>>>> at java.util.concurrent.Executors.privilegedThreadFactory(Executors.java:321)
>>>>> at org.apache.logging.log4j.core.util.DefaultShutdownCallbackRegistry.<init>(DefaultShutdownCallbackRegistry.java:54)
>>>>> at org.apache.logging.log4j.core.impl.Log4jContextFactory.createShutdownCallbackRegistry(Log4jContextFactory.java:117)
>>>>> at org.apache.logging.log4j.core.impl.Log4jContextFactory.<init>(Log4jContextFactory.java:54)
>>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>>>>> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>>>>> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>>>>> at java.lang.Class.newInstance0(Class.java:357)
>>>>> at java.lang.Class.newInstance(Class.java:310)
>>>>> at org.apache.logging.log4j.LogManager.<clinit>(LogManager.java:96)
>>>>> at org.apache.logging.log4j.core.config.Configurator.getFactory(Configurator.java:154)
>>>>> at org.apache.logging.log4j.core.config.Configurator.initialize(Configurator.java:109)
>>>>> at org.apache.logging.log4j.web.Log4jWebInitializerImpl.initializeNonJndi(Log4jWebInitializerImpl.java:157)
>>>>> at org.apache.logging.log4j.web.Log4jWebInitializerImpl.start(Log4jWebInitializerImpl.java:107)
>>>>> at org.apache.logging.log4j.web.Log4jServletContextListener.contextInitialized(Log4jServletContextListener.java:45)
>>>>> at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3795)
>>>>> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4252)
>>>>> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
>>>>> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>>>>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>>>>> at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:884)
>>>>> at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:737)
>>>>> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
>>>>> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1203)
>>>>> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319)
>>>>> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
>>>>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>>>>> at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>>>>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>>>>> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>>>> at org.apache.catalina.core.StandardService.start(StandardService.java:448)
>>>>> at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>>>>> at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>>>>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>>>>>
>>>>> ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
>>>>> ERROR StatusLogger LogManager returned an instance of org.apache.logging.log4j.simple.SimpleLoggerContextFactory which does not implement org.apache.logging.log4j.core.impl.Log4jContextFactory. Unable to initialize Log4j.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Oct 14, 2014, at 9:16 AM, Matt Sicker <***@gmail.com> wrote:
>>>>>
>>>>> Oh crap, you're right.
>>>>>
>>>>> On 14 October 2014 11:05, Gary Gregory <***@gmail.com> wrote:
>>>>>
>>>>>> Don't you have to login to Nexus to release though?
>>>>>>
>>>>>> Gary
>>>>>>
>>>>>> On Tue, Oct 14, 2014 at 11:34 AM, Matt Sicker <***@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Question: if I start the release process with everything signed, can
>>>>>>> someone else complete it when the vote is done?
>>>>>>>
>>>>>>> On 13 October 2014 22:26, Ralph Goers <***@apache.org> wrote:
>>>>>>>
>>>>>>>> Matt can't do it so I will. It will be in the next couple of days.
>>>>>>>>
>>>>>>>> Sent from my iPad
>>>>>>>>
>>>>>>>> On Oct 13, 2014, at 7:22 PM, Gary Gregory <***@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi All:
>>>>>>>>
>>>>>>>> I'm sure we are all busy (I am!) but do we have a plan for cutting
>>>>>>>> what will hopefully be the last 2.1 RC?
>>>>>>>>
>>>>>>>> Gary
>>>>>>>>
>>>>>>>> --
>>>>>>>> E-Mail: ***@gmail.com | ***@apache.org
>>>>>>>> Java Persistence with Hibernate, Second Edition
>>>>>>>> <http://www.manning.com/bauer3/>
>>>>>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>>>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>>>>>> Blog: http://garygregory.wordpress.com
>>>>>>>> Home: http://garygregory.com/
>>>>>>>> Tweet! http://twitter.com/GaryGregory
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Matt Sicker <***@gmail.com>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> E-Mail: ***@gmail.com | ***@apache.org
>>>>>> Java Persistence with Hibernate, Second Edition
>>>>>> <http://www.manning.com/bauer3/>
>>>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>>>> Blog: http://garygregory.wordpress.com
>>>>>> Home: http://garygregory.com/
>>>>>> Tweet! http://twitter.com/GaryGregory
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Matt Sicker <***@gmail.com>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> E-Mail: ***@gmail.com | ***@apache.org
>>>> Java Persistence with Hibernate, Second Edition
>>>> <http://www.manning.com/bauer3/>
>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>> Blog: http://garygregory.wordpress.com
>>>> Home: http://garygregory.com/
>>>> Tweet! http://twitter.com/GaryGregory
>>>>
>>>
>>>
>>
>>
>> --
>> Matt Sicker <***@gmail.com>
>>
>>
>>
>>
>
>
> --
> E-Mail: ***@gmail.com | ***@apache.org
> Java Persistence with Hibernate, Second Edition
> <http://www.manning.com/bauer3/>
> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
> Spring Batch in Action <http://www.manning.com/templier/>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
>
>
>
--
E-Mail: ***@gmail.com | ***@apache.org
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory