我們最近從8.0.32更新了tomcat到8.5.6,並且在嘗試加載/opt/apache-tomcat-8.5.6_1/webapps/example/WEB-INF/classes/com/sun/xml/internal/ws/runtime/config/jaxb.properties
時遇到AccessControlException
,我調試了tomcat 8.5.6和8.0.32之間的源代碼,它在org.apache.catalina.loader.WebappClassLoaderBase.findResource
tomcat8.0和tomcat8.5.6 WebappClassLoaderBase
是不同Tomcat8.0
public URL findResource(final String name) {
if (log.isDebugEnabled())
log.debug(" findResource(" + name + ")");
checkStateForResourceLoading(name);
URL url = null;
String path = nameToPath(name);
ResourceEntry entry = resourceEntries.get(path);
if (entry == null) {
if (securityManager != null) {
PrivilegedAction<ResourceEntry> dp =
new PrivilegedFindResourceByName(name, path);
entry = AccessController.doPrivileged(dp);
} else {
entry = findResourceInternal(name, path);
}
}
if (entry != null) {
url = entry.source;
entry.webResource = null;
}
if ((url == null) && hasExternalRepositories) {
url = super.findResource(name);
}
if (log.isDebugEnabled()) {
if (url != null)
log.debug(" --> Returning '" + url.toString() + "'");
else
log.debug(" --> Resource not found, returning null");
}
return url;
}
Tomcat8.5.6
public URL findResource(final String name) {
if (log.isDebugEnabled())
log.debug(" findResource(" + name + ")");
checkStateForResourceLoading(name);
URL url = null;
String path = nameToPath(name);
WebResource resource = resources.getClassLoaderResource(path);
if (resource.exists()) {
url = resource.getURL();
trackLastModified(path, resource);
}
if ((url == null) && hasExternalRepositories) {
url = super.findResource(name);
}
if (log.isDebugEnabled()) {
if (url != null)
log.debug(" --> Returning '" + url.toString() + "'");
else
log.debug(" --> Resource not found, returning null");
}
return url;
}
正如你所看到的,tomcat8.0由AccessController.doPrivileged負載的資源,但在tomcat8.5.6,它直接加載資源,我認爲這就是爲什麼我得到了一個異常
java.security.AccessControlException: access denied
("java.io.FilePermission"
"/opt/apache-tomcat-8.5.6_1/webapps/example/WEB-INF/classes/com/sun/xml/internal/ws/runtime/config/jaxb.properties"
"read")
java.lang.IllegalStateException: MASM0003: Default [ jaxws-tubes-default.xml ] configuration file was not loaded
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.init(MetroConfigLoader.java:133)
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.<init>(MetroConfigLoader.java:104)
這個文件是由加載MetroConfigLoader
,
private static JAXBContext createJAXBContext() throws Exception {
return isJDKInternal()?(JAXBContext)AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {
public JAXBContext run() throws Exception {
return JAXBContext.newInstance(MetroConfig.class.getPackage().getName());
}
}, createSecurityContext()):JAXBContext.newInstance(MetroConfig.class.getPackage().getName());
}
private static AccessControlContext createSecurityContext() {
PermissionCollection perms = new Permissions();
perms.add(new RuntimePermission("accessClassInPackage.com.sun.xml.internal.ws.runtime.config"));
perms.add(new ReflectPermission("suppressAccessChecks"));
return new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain((CodeSource)null, perms)});
}
有人遇到同樣的問題嗎?或者還有其他一些問題。謝謝。 3天研究