Bug 46408

Summary: Invalid cast in SecurityUtil
Product: Tomcat 5 Reporter: Kazimierz Pogoda <hshsce>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal CC: hshsce
Priority: P2    
Version: 5.5.27   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Kazimierz Pogoda 2008-12-16 15:22:51 UTC 
In case of PrivilegedActionException thrown in:

    private static void execute(final Method method,
                                final Object targetObject, 
                                final Object[] targetArguments,
                                Principal principal)

method, there is a false assumption in catch block, that PrivilegedActionException.getException() will return InvocationTargetException. It could be also IllegalAccessException and possibly other types of exceptions as well.

Here is the stack trace provoked on catalina shutdown when enabled security manager:
java.lang.ClassCastException: java.lang.IllegalAccessException cannot be cast to java.lang.reflect.InvocationTargetException
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:278)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
        at org.apache.catalina.core.ApplicationFilterConfig.release(ApplicationFilterConfig.java:326)
        at org.apache.catalina.core.StandardContext.filterStop(StandardContext.java:3744)
        at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4513)
        at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
        at org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1191)
        at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1162)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:313)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
        at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
        at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
        at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
        at org.apache.catalina.core.StandardService.stop(StandardService.java:584)
        at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
        at org.apache.catalina.startup.Catalina.stop(Catalina.java:628)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.stop(Bootstrap.java:300)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.commons.daemon.support.DaemonLoader.stop(DaemonLoader.java:200)
Comment 1 Mark Thomas 2008-12-19 06:30:03 UTC 
Thanks for the report. This has been fixed in trunk and proposed for 6.0.x
Comment 2 Kazimierz Pogoda 2008-12-22 11:41:53 UTC 
It seems that tomcats 5.5.x suffer from the same issue.
Comment 3 Mark Thomas 2008-12-22 13:14:57 UTC 
I've proposed the same fix for 5.5.x
Comment 4 Mark Thomas 2008-12-27 11:47:54 UTC 
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.

I am changing the product to TC5 as it is still open there.
Comment 5 Mark Thomas 2009-06-03 14:19:31 UTC 
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.