Solved

java.lang.SecurityException: Prohibited package name: java.util when running a Servlet with WAS 4.0.1

Posted on 2002-04-24
20
5,558 Views
Last Modified: 2013-12-10
Hi everybody,

I am trying to run a servlet under WAS 4.0.1 (Samples worked fine)

Assembling (both manual (ant) and with the WAS Assambly tool) and deploying seemed to work without much of a problem.

When I start the servlet (named HttpServer) I get the following Exception:

HttpServer: java.lang.SecurityException: Prohibited package name: java.util
     at java.lang.ClassLoader.defineClass(ClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
     at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:286)
     at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))

This happens when nothing more exciting than instantiating an object from java.util is done: "new java.util.StringTokenizer()". Restructuring the code a bit, it came when getting the class object for Hashtable: "java.util.Hashtable.class".

It seems to be simply the first occurrence of any class in a "java." package (obviously excluding java.lang). To my knowledge the "java." packages are restricted to be loaded by the bootstrap classloader. From the stack trace it looks like the prorietary classloader ingnores that rule.

If that would be the case for all webapps deployed in WebSphere, it would definitely make running almost any servlet in WebSphere impossible ;-) Since I cannot imagine this to be true, I am wondering whether I missed some kind of configuration in WebSphere or a parameter in the assembly of the war or the ear.

0
Comment
Question by:M8xK
  • 9
  • 7
20 Comments
 
LVL 3

Expert Comment

by:jerelw
ID: 6965610
what os are you on?

What version of java did you install?

what does your root .profile file look like?
0
 

Author Comment

by:M8xK
ID: 6965655
The WAS is running on NT 4.0 SP 6a.

The version of Java that came with WAS is "J2RE 1.3.0 IBM build cn130-20010609 (JIT enabled: jitc), Java Compiler = jitc". I tried to change that to a SUM VM, but non of my attempts were successful.

Since it's NT, there is no .profile. In case you were wondering about JAVA_HOME: it is not set.
0
 
LVL 3

Expert Comment

by:jerelw
ID: 6966358
What happened when "attempts were successful" at changing to the Sun JVM?
0
 

Author Comment

by:M8xK
ID: 6966394
Well, sorry for the typo: I meant, none of my attempts were successful.

When  I tried to switch to SUN VM 1.3.1 I got an exception on server startup:
java.lang.Throwable
     at com.ibm.ejs.ras.TraceEventGeneratorImpl.fireTraceEvent(Tr.java:1462)
     at com.ibm.ejs.ras.TraceEventGeneratorImpl.fireTraceEvent(Tr.java:1346)
     at com.ibm.ejs.ras.Tr.fatal(Tr.java:828)
     at com.ibm.ejs.sm.server.AdminServer.main(AdminServer.java:405)
     at java.lang.reflect.Method.invoke(Native Method)
     at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:158)
0
 
LVL 3

Expert Comment

by:jerelw
ID: 6967090
WebSphere runs as Administrator

Login as Administrator and type java -fullversion

You should see something like this:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>java -fullversion
java full version "1.3.1_02-b02"

If you get an error, try putting the java/bin in your System CLASSPATH
0
 

Author Comment

by:M8xK
ID: 6967919
As I wrote before, the VM the came with WAS is:
"J2RE 1.3.0 IBM build cn130-20010609" and that is the one the server runs with.

There is no java in the PATH, but I don't think that would help in respect to WAS.
0
 
LVL 3

Expert Comment

by:jerelw
ID: 6968486
you do understand that WebSphere is a Java Application, right?
0
 

Author Comment

by:M8xK
ID: 6968547
Yes, I do. What I meant to say, was simply that WebSphere does use its standard path to the Java JRE located within the WebSphere directory, if there is nothing else defined (JAVA_HOME or in PATH). Therefore I think it would not help to set the path to that WebSpere Java JRE it is already using (but please correct me if I'm wrong).

I'm not having any problems running the server itself or the sample web apps. The server stdout log shows the server is running using the standard IBM VM.

I'm just wondering, why the IBM classloader tries to load a class that is (via hardcoded string compare) reserved to the bootstrap classloader? And naturally what I could do to prevent that.

BTW, I really do appreciate your effort to try to help me very much. Thanks.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Expert Comment

by:jerelw
ID: 6969016
In your Application Node, check Advanced JVM Settings.

You can pre-pend or append any additional jars or zips.
0
 

Author Comment

by:M8xK
ID: 6969044
Yes, I know. Since this is a problem with classes from the Java package, it seems to me that only adding something like the rt.jar to the bootstrap classpath could change anything about that. On the other hand that would be accessible to the VM anyway.
I tried it anyway, but without any apparent effect.
0
 

Author Comment

by:M8xK
ID: 6969276
Yes, I know. Since this is a problem with classes from the Java package, it seems to me that only adding something like the rt.jar to the bootstrap classpath could change anything about that. On the other hand that would be accessible to the VM anyway.
I tried it anyway, but without any apparent effect.
0
 
LVL 3

Expert Comment

by:jerelw
ID: 6969348
I still think if you added Java to your System classpath, this problem would go away.

The reason why is that I have WebSphere running on NT and AIX, and both machines have Java in the System classpath.

If Java is in your System classpath, you can be sure that the java.util package is there and you can be sure it's the version you want.

This may be insulting, but just to make sure, please check your code to see that you are in fact importing the java.util.Hashtable, Vector, StringTokenizer, etc.
0
 
LVL 3

Accepted Solution

by:
jerelw earned 155 total points
ID: 6969403
0
 

Author Comment

by:M8xK
ID: 6970842
Well, the servlet is using the standard classes - import and full class name.

I did think that maybe explicit import and then using the full class name (java.util.Hashtable ht = new java.util.Hashtable()) could be an issue. I thought this could trigger a special (maybe buggy) bahavior of the IBM classloader. But I tried that out with a DummyServlet - and that worked fine.

The issue with an rt.jar (I guess that is what you meant) in the classpath, I still don't fully understand. Since there are no other VMs installed on the machine and there are no env vars set, the VM can only use the standard rt.jar in its own lib dir. Nevertheless I will give it a shot.

Unfourtunately, I didn't find anything I could apply to this problem in the Admin guide.
0
 

Author Comment

by:M8xK
ID: 7010540
Unfoutunately, I still haven't solved this problem and I would appreciate another hint very much.
0
 

Author Comment

by:M8xK
ID: 7013675
I still cannot quite explain what the problem was or to be more specific what in my code triggered the behavior.

Nevertheless the problem is solved. I installed the WAS 4 FixPack 3 (4.0.3) and the problem evaporated. I assume it was a bug in the IBM CompoundClassLoader, but I didn't find it in the bug list of the FixPack.

Now I only have a normal/standard problem with a ClassNotFoundException when dynamically loading a class. But I think I will be able to find an answer to that fairly easy. Nevertheless I would appreciate comments in that as well.
0
 
LVL 19

Assisted Solution

by:Jim Cakalic
Jim Cakalic earned 155 total points
ID: 7043187
By "dynamically loading" I suppose you mean Class.forName? You might try specifically loading through the Thread.currentThread().getContextClassLoader(). Also, consult these docs describing WAS ClassLoaders and resolving ClassNotFoundException:
    http://www7b.boulder.ibm.com/wsdd/library/techarticles/0112_deboer/deboer.html
    http://www-3.ibm.com/software/webservers/appserv/doc/v40/aee/wasa_content/08.html
    http://www-3.ibm.com/software/webservers/appserv/doc/v40/aee/wasa_content/04070203.html

Best regards,
Jim Cakalic
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to configure the log file globally for all environments? 7 127
websphere 8 listener 3 64
splunk tool 1 60
plusOut java challenge 40 170
-Xmx and -Xms are the two JVM options often used to tune JVM heap size.   Here are some common mistakes made when using them:   Assume BigApp is a java class file for the below examples. 1.         Missing m, M, g or G at the end …
Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now