From issues-return-13263-apmail-struts-issues-archive=struts.apache.org@struts.apache.org Fri May 29 21:58:01 2009 Return-Path: Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: (qmail 35766 invoked from network); 29 May 2009 21:58:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 29 May 2009 21:58:01 -0000 Received: (qmail 37882 invoked by uid 500); 29 May 2009 21:58:13 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 37827 invoked by uid 500); 29 May 2009 21:58:13 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 37817 invoked by uid 99); 29 May 2009 21:58:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 May 2009 21:58:13 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 May 2009 21:58:02 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id B4A1D234C004 for ; Fri, 29 May 2009 14:57:42 -0700 (PDT) Message-ID: <140191043.1243634262737.JavaMail.jira@brutus> Date: Fri, 29 May 2009 14:57:42 -0700 (PDT) From: "Kent R. Spillner (JIRA)" To: issues@struts.apache.org Subject: [jira] Issue Comment Edited: (WW-3114) Work around getSystemClassloader call for compatibility with GAE In-Reply-To: <1585644362.1241123190796.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 2265bf7ad70cb93affdfde3e15287371 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/struts/browse/WW-3114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=46290#action_46290 ] Kent R. Spillner edited comment on WW-3114 at 5/29/09 2:56 PM: --------------------------------------------------------------- Hi, Musachy- Thanks again for your suggestions; I apologize for taking so long to get back to you! Renaming index.jsp to index.ftl works correctly. Awesome! Now, at least, I have a work-around. :D Below are the full trace logs available from the AppEngine dashboard for two separate requests: /foo/ which successfully renders WEB-INF/content/foo/index.ftl, and / which incorrectly renders WEB-INF/content/index.jsp. Unfortunately, I believe this is all of the logging information available from AppEngine. There are no errors reported in either, and the two look very similar. The only thing that looks odd to me is the double slash in the lookup path. ######################################################### # # Request for /foo/ which correctly renders WEB-INF/content/foo/index.ftl # 05-29 02:47PM 02.262 /foo/ 200 79ms 124cpu_ms 0kb *REDACTED*.appspot.com Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe) xxx.xxx.xxx.xxx - - [29/May/2009:14:47:02 -0700] "GET /foo/ HTTP/1.1" 200 228 - "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe)" "*REDACTED*.appspot.com" D 05-29 02:47PM 02.302 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.jspx] D 05-29 02:47PM 02.304 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.vm] D 05-29 02:47PM 02.304 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.jsp] D 05-29 02:47PM 02.305 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.ftl] ######################################################### # # Request for / which incorrectly renders WEB-INF/content/index.jsp # 05-29 02:44PM 17.933 / 200 56ms 92cpu_ms 0kb *REDACTED*.appspot.com Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe) xxx.xxx.xxx.xxx - - [29/May/2009:14:44:17 -0700] "GET / HTTP/1.1" 200 302 - "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe)" "*REDACTED*.appspot.com" D 05-29 02:44PM 17.964 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.jspx] D 05-29 02:44PM 17.966 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.vm] D 05-29 02:44PM 17.969 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.jsp] was (Author: sl4mmy): Hi, Musachy- Thanks again for your suggestions; I apologize for taking so long to get back to you! Renaming index.jsp to index.ftl works correctly. Awesome! Now, at least, I have a work-around. :D Below are the full trace logs available from the AppEngine dashboard for two separate requests: /foo/ which successfully renders WEB-INF/content/foo/index.ftl, and / which incorrectly renders WEB-INF/content/index.jsp. Unfortunately, I believe this is all of the logging information available from AppEngine. There are no errors reported in either, and the two look very similar. The only thing that looks odd to me is the double slash in the lookup path. ######################################################### # # Request for /foo/ which correctly renders WEB-INF/content/foo/index.ftl # 05-29 02:47PM 02.262 /foo/ 200 79ms 124cpu_ms 0kb 6.latest.ozgeandkent.appspot.com Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe) 75.27.59.135 - - [29/May/2009:14:47:02 -0700] "GET /foo/ HTTP/1.1" 200 228 - "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe)" "6.latest.ozgeandkent.appspot.com" D 05-29 02:47PM 02.302 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.jspx] D 05-29 02:47PM 02.304 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.vm] D 05-29 02:47PM 02.304 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.jsp] D 05-29 02:47PM 02.305 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content/foo//index.ftl] ######################################################### # # Request for / which incorrectly renders WEB-INF/content/index.jsp # 05-29 02:44PM 17.933 / 200 56ms 92cpu_ms 0kb *REDACTED*.appspot.com Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe) xxx.xxx.xxx.xxx - - [29/May/2009:14:44:17 -0700] "GET / HTTP/1.1" 200 302 - "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10,gzip(gfe)" "*REDACTED*.appspot.com" D 05-29 02:44PM 17.964 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.jspx] D 05-29 02:44PM 17.966 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.vm] D 05-29 02:44PM 17.969 com.opensymphony.xwork2.util.logging.commons.CommonsLogger trace: Checking for [/WEB-INF/content//index.jsp] > Work around getSystemClassloader call for compatibility with GAE > ---------------------------------------------------------------- > > Key: WW-3114 > URL: https://issues.apache.org/struts/browse/WW-3114 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention > Affects Versions: 2.1.7 > Reporter: Leonard Broman > Assignee: Wes Wannemacher > Fix For: 2.1.7 > > Attachments: demonstrate-gae-security-hole.war, gae-patch.txt > > > The Google App Engine sandbox does not allow application to access the system classloader using the ClassLoader.getSystemClassLoader() accessor. The convention plugin uses this to exclude urls to scan in PackageBasedActionConfigBuilder.java. > Due to this, convention plugin is not functioning properly in the GAE sandbox. > Stacktrace from app engine: > com.opensymphony.xwork2.util.logging.jdk.JdkLogger error: Unable to scan named packages > java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) > at java.security.AccessControlContext.checkPermission(Unknown Source) > at java.security.AccessController.checkPermission(Unknown Source) > at java.lang.SecurityManager.checkPermission(Unknown Source) > at java.lang.ClassLoader.getSystemClassLoader(Unknown Source) > at org.apache.struts2.convention.PackageBasedActionConfigBuilder.buildUrlSet(PackageBasedActionConfigBuilder.java:324) > at org.apache.struts2.convention.PackageBasedActionConfigBuilder.findActions(PackageBasedActionConfigBuilder.java:295) > at org.apache.struts2.convention.PackageBasedActionConfigBuilder.buildActionConfigs(PackageBasedActionConfigBuilder.java:277) > at org.apache.struts2.convention.ClasspathPackageProvider.loadPackages(ClasspathPackageProvider.java:52) > at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:200) > at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:55) > at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:360) > at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:403) > at org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:190) > at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:99) > at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) > at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:589) > at org.mortbay.jetty.servlet.Context.startContext(Context.java:139) > at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1218) > at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:500) > at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:448) > at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) > at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:190) > at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:167) > at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:113) > at com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java:235) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:4547) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:4545) > at com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingApplicationHandler.java:24) > at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java:359) > at com.google.net.rpc.impl.Server$2.run(Server.java:792) > at com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java:56) > at com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpanBuilder.java:489) > at com.google.net.rpc.impl.Server.startRpc(Server.java:748) > at com.google.net.rpc.impl.Server.processRequest(Server.java:340) > at com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.java:422) > at com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java:319) > at com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java:290) > at com.google.net.async.Connection.handleReadEvent(Connection.java:419) > at com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.java:733) > at com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java:207) > at com.google.net.async.EventDispatcher.loop(EventDispatcher.java:101) > at com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java:249) > at com.google.apphosting.runtime.JavaRuntime$RpcRunnable.run(JavaRuntime.java:373) > at java.lang.Thread.run(Unknown Source) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.