Solved

java.lang.SecurityException: Prohibited package name: java.util when running a Servlet with WAS 4.0.1

Posted on 2002-04-24
Last Modified: 2013-12-10
Hi everybody,

I am trying to run a servlet under WAS 4.0.1 (Samples worked fine)

Assembling (both manual (ant) and with the WAS Assembly tool) and deploying seemed to work without much of a problem.

When I start the servlet (named HttpServer) I get the following Exception:

HttpServer: java.lang.SecurityException: Prohibited package name: java.util
     at java.lang.ClassLoader.defineClass(ClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:286)
     at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))

This happens when nothing more exciting than instantiating an object from java.util is done: "new java.util.StringTokenizer()". Restructuring the code a bit, it came when getting the class object for Hashtable: "java.util.Hashtable.class".

It seems to be simply the first occurrence of any class in a "java." package (obviously excluding java.lang). To my knowledge the "java." packages are restricted to be loaded by the bootstrap classloader. From the stack trace it looks like the proprietary classloader ignores that rule.

If that would be the case for all webapps deployed in WebSphere, it would definitely make running almost any servlet in WebSphere impossible ;-) Since I cannot imagine this to be true, I am wondering whether I missed some kind of configuration in WebSphere or a parameter in the assembly of the war or the ear.

Question by:M8xK
 
LVL 3

Expert Comment

by:jerelw
what os are you on?

What version of java did you install?

what does your root .profile file look like?
0
 

Author Comment

by:M8xK
The WAS is running on NT 4.0 SP 6a.

The version of Java that came with WAS is "J2RE 1.3.0 IBM build cn130-20010609 (JIT enabled: jitc), Java Compiler = jitc". I tried to change that to a Sun VM, but non of my attempts were successful.

Since it's NT, there is no .profile. In case you were wondering about JAVA_HOME: it is not set.
0
 
LVL 3

Expert Comment

by:jerelw
What happened when "attempts were successful" at changing to the Sun JVM?
0
 

Author Comment

by:M8xK
Well, sorry for the typo: I meant, none of my attempts were successful.

When I tried to switch to SUN VM 1.3.1 I got an exception on server startup:
java.lang.Throwable
     at com.ibm.ejs.ras.TraceEventGeneratorImpl.fireTraceEvent(Tr.java:1462)
     at com.ibm.ejs.ras.TraceEventGeneratorImpl.fireTraceEvent(Tr.java:1346)
     at com.ibm.ejs.ras.Tr.fatal(Tr.java:828)
     at com.ibm.ejs.sm.server.AdminServer.main(AdminServer.java:405)
     at java.lang.reflect.Method.invoke(Native Method)
     at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:158)
0
 
LVL 3

Expert Comment

by:jerelw
WebSphere runs as Administrator

Login as Administrator and type java -fullversion

You should see something like this:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>java -fullversion
java full version "1.3.1_02-b02"

If you get an error, try putting the java/bin in your System CLASSPATH
0
 

Author Comment

by:M8xK
As I wrote before, the VM that came with WAS is:
"J2RE 1.3.0 IBM build cn130-20010609" and that is the one the server runs with.

There is no java in the PATH, but I don't think that would help in respect to WAS.
0
 
LVL 3

Expert Comment

by:jerelw
you do understand that WebSphere is a Java Application, right?
0
 

Author Comment

by:M8xK
Yes, I do. What I meant to say was simply that WebSphere does use its standard path to the Java JRE located within the WebSphere directory, if there is nothing else defined (JAVA_HOME or in PATH). Therefore I think it would not help to set the path to that WebSphere Java JRE it is already using (but please correct me if I'm wrong).

I'm not having any problems running the server itself or the sample web apps. The server stdout log shows the server is running using the standard IBM VM.

I'm just wondering, why the IBM classloader tries to load a class that is (via hardcoded string compare) reserved to the bootstrap classloader? And naturally what I could do to prevent that.

BTW, I really do appreciate your effort to try to help me very much. Thanks.
0
LVL 3

Expert Comment

by:jerelw
In your Application Node, check Advanced JVM Settings.

You can pre-pend or append any additional jars or zips.
0
 

Author Comment

by:M8xK
Yes, I know. Since this is a problem with classes from the Java package, it seems to me that only adding something like the rt.jar to the bootstrap classpath could change anything about that. On the other hand that would be accessible to the VM anyway.
I tried it anyway, but without any apparent effect.
0
 
LVL 3

Expert Comment

by:jerelw
I still think if you added Java to your System classpath, this problem would go away.

The reason why is that I have WebSphere running on NT and AIX, and both machines have Java in the System classpath.

If Java is in your System classpath, you can be sure that the java.util package is there and you can be sure it's the version you want.

This may be insulting, but just to make sure, please check your code to see that you are in fact importing the java.util.Hashtable, Vector, StringTokenizer, etc.
0
 
LVL 3

Accepted Solution

by:
jerelw earned 155 total points
0
 

Author Comment

by:M8xK
Well, the servlet is using the standard classes - import and full class name.

I did think that maybe explicit import and then using the full class name (java.util.Hashtable ht = new java.util.Hashtable()) could be an issue. I thought this could trigger a special (maybe buggy) behavior of the IBM classloader. But I tried that out with a DummyServlet - and that worked fine.

The issue with an rt.jar (I guess that is what you meant) in the classpath, I still don't fully understand. Since there are no other VMs installed on the machine and there are no env vars set, the VM can only use the standard rt.jar in its own lib dir. Nevertheless I will give it a shot.

Unfortunately, I didn't find anything I could apply to this problem in the Admin guide.
0
 

Author Comment

by:M8xK
Unfortunately, I still haven't solved this problem and I would appreciate another hint very much.
0
 

Author Comment

by:M8xK
I still cannot quite explain what the problem was or to be more specific what in my code triggered the behavior.

Nevertheless the problem is solved. I installed the WAS 4 FixPack 3 (4.0.3) and the problem evaporated. I assume it was a bug in the IBM CompoundClassLoader, but I didn't find it in the bug list of the FixPack.

Now I only have a normal/standard problem with a ClassNotFoundException when dynamically loading a class. But I think I will be able to find an answer to that fairly easily. Nevertheless I would appreciate comments on that as well.
0
 
LVL 19

Assisted Solution

by:Jim Cakalic
Jim Cakalic earned 155 total points
By "dynamically loading" I suppose you mean Class.forName? You might try specifically loading through the Thread.currentThread().getContextClassLoader(). Also, consult these docs describing WAS ClassLoaders and resolving ClassNotFoundException:
    http://www7b.boulder.ibm.com/wsdd/library/techarticles/0112_deboer/deboer.html
    http://www-3.ibm.com/software/webservers/appserv/doc/v40/aee/wasa_content/08.html
    http://www-3.ibm.com/software/webservers/appserv/doc/v40/aee/wasa_content/04070203.html

Best regards,
Jim Cakalic
0
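
The JVM rule discussed in this thread (only the runtime's own loader may define classes in "java." packages) and the context class loader suggestion in the answer above, as an added Java example that is not part of the original thread and is not WebSphere code. `SelfFirstLoader` and `loadDynamically` are hypothetical names, and `readAllBytes` assumes Java 9 or later.

```java
import java.io.IOException;
import java.io.InputStream;

// Added illustration: class and method names are hypothetical, not WebSphere code.
public class ProhibitedPackageDemo {

    // Loader that tries to define a class itself before asking its parent.
    static class SelfFirstLoader extends ClassLoader {
        SelfFirstLoader(ClassLoader parent) { super(parent); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in != null) {
                    byte[] b = in.readAllBytes(); // Java 9+
                    // defineClass checks the name before parsing the bytes:
                    // a name starting with "java." raises SecurityException.
                    return defineClass(name, b, 0, b.length);
                }
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
            return super.loadClass(name, resolve); // normal parent-first path
        }
    }

    // Dynamic loading through the thread context class loader, as suggested
    // in the answer above, falling back to this class's own loader.
    static Class<?> loadDynamically(String name) throws ClassNotFoundException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) cl = ProhibitedPackageDemo.class.getClassLoader();
        return Class.forName(name, true, cl);
    }

    public static void main(String[] args) throws Exception {
        ClassLoader parent = ProhibitedPackageDemo.class.getClassLoader();
        try {
            new SelfFirstLoader(parent).loadClass("java.util.StringTokenizer");
        } catch (SecurityException e) {
            System.out.println("self-first: " + e.getMessage());
        }
        // A loader that delegates first gets java.util from the runtime itself.
        Class<?> ok = new ClassLoader(parent) {}.loadClass("java.util.StringTokenizer");
        System.out.println("delegating: " + ok.getName() + " loader=" + ok.getClassLoader());
        System.out.println("context:    " + loadDynamically("java.util.Hashtable").getName());
    }
}
```

The self-first loader fails with the same "Prohibited package name: java.util" message as the stack trace in the question, while the delegating loader and the context class loader lookup both resolve the class from the runtime.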
