'Re: More information, Re: Tomcat 8.5.68 failing on takeoff!'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2021-08-06 4:15:51
Message-ID: 7adee665-1660-cc69-8d91-340da6aa9c9b () christopherschultz ! net
[Download RAW message or body]

James,

On 8/5/21 18:33, James H. H. Lampert wrote:
> I finally had a chance to switch the customer back to the failing Tomcat 
> 8.5.68, and this is what the browser error page shows (with a 500 error):
> 
> 
> Type Exception Report
> 
> Message AuthConfigFactory error: 
> java.lang.reflect.InvocationTargetException
> 
> Description The server encountered an unexpected condition that 
> prevented it from fulfilling the request.
> 
> Exception
> 
> java.lang.SecurityException: AuthConfigFactory error: 
> java.lang.reflect.InvocationTargetException
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85)
>  org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
>  org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
>  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
>  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
>  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
>  org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
>  org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:811)
> Root Cause
> 
> java.lang.reflect.InvocationTargetException
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
>  sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
>  java.lang.reflect.Constructor.newInstance(Constructor.java:437)
> javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
>  javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
>  java.security.AccessController.doPrivileged(AccessController.java:696)
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
>  org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
>  org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
>  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
>  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
>  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
>  org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
>  org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:811)
> Root Cause
> 
> java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException: 
> Feature: http://apache.org/xml/features/allow-java-encodings
> org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65)
>  org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
>  org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
>  sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
>  sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
>  java.lang.reflect.Constructor.newInstance(Constructor.java:437)
> javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
>  javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
>  java.security.AccessController.doPrivileged(AccessController.java:696)
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
>  org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
>  org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
>  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
>  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
>  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
>  org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
>  org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:811)
> Root Cause
> 
> org.xml.sax.SAXNotRecognizedException: Feature: 
> http://apache.org/xml/features/allow-java-encodings
> org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
> org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
> org.apache.crimson.jaxp.SAXParserImpl.<init>(SAXParserImpl.java:126)
> org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
>  org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
>  org.apache.tomcat.util.digester.Digester.setFeature(Digester.java:526)
> org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:61)
>  org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
>  org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
>  sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
>  sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
>  java.lang.reflect.Constructor.newInstance(Constructor.java:437)
> javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
>  javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
>  java.security.AccessController.doPrivileged(AccessController.java:696)
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
>  org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
>  org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
>  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
>  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
>  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
>  org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
>  org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> java.lang.Thread.run(Thread.java:811)
> Note The full stack trace of the root cause is available in the server 
> logs.

Now THAT looks like a bug. Here is the code around that setFeature() call:

             Digester digester = new Digester();

             try {
 
digester.setFeature("http://apache.org/xml/features/allow-java-encodings", 
true);
                 digester.setValidating(true);
                 digester.setNamespaceAware(true);
             } catch (Exception e) {
                 throw new SecurityException(e);
             }

That digester.setFeature() call should be in its own try/catch block 
which issues a warning if a SAXException is thrown.

> I will note that the *second* SAXNotRecognizedException stack trace 
> starts out exactly like the one in catalina.out, but diverges after 
> Digester.java:526. The first three stacktraces on the error page look 
> completely different.

Yep: the other one you showed was caught and logged, but otherwise ignored.

> The first stacktrace on the error page looks similar to one in 
> localhost.2021-08-05.log, timestamped when I attempted to access manager:
> 
> 05-Aug-2021 17:05:52.697 SEVERE [https-jsse-nio-443-exec-10] 
> org.apache.catalina.core.StandardHostValve.invoke Exception Processing 
> /manager/
> java.lang.SecurityException: AuthConfigFactory error: 
> java.lang.reflect.InvocationTargetException
> at 
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85) \
>  
> . . .
> 
> localhost_access_log.2021-08-05.txt shows (IP address redacted):
> [05/Aug/2021:17:05:52 -0500] "GET /manager HTTP/1.1" 302 -
> [05/Aug/2021:17:05:52 -0500] "GET /manager/ HTTP/1.1" 500 9663
> 
> and the manager log shows nothing at all.
> 
> And to reiterate, the very same JVM has no difficulty at all running 
> Tomcat 7.0.93.

Something seems odd about that. There must be soe configuration 
difference between your 7.0.x environment and the 8.5.x environment you 
are testing. Somehow, the Crimson XML library is not being used by 
Tomcat in your 7.0.x environment. Do you know if you have customized 
your conf/catalina.properties or have some non-mundane CATALINA_OPTS 
being set in your 7.0.x and.or 8.5.x environments?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic