Bug 46408 - Invalid cast in SecurityUtil
Summary: Invalid cast in SecurityUtil
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.5.27
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-16 15:22 UTC by Kazimierz Pogoda
Modified: 2009-06-03 14:19 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kazimierz Pogoda 2008-12-16 15:22:51 UTC
In case of PrivilegedActionException thrown in:

    private static void execute(final Method method,
                                final Object targetObject, 
                                final Object[] targetArguments,
                                Principal principal)

method, there is a false assumption in catch block, that PrivilegedActionException.getException() will return InvocationTargetException. It could be also IllegalAccessException and possibly other types of exceptions as well.

Here is the stack trace provoked on catalina shutdown when enabled security manager:
java.lang.ClassCastException: java.lang.IllegalAccessException cannot be cast to java.lang.reflect.InvocationTargetException
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:278)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
        at org.apache.catalina.core.ApplicationFilterConfig.release(ApplicationFilterConfig.java:326)
        at org.apache.catalina.core.StandardContext.filterStop(StandardContext.java:3744)
        at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4513)
        at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
        at org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1191)
        at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1162)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:313)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
        at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
        at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
        at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
        at org.apache.catalina.core.StandardService.stop(StandardService.java:584)
        at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
        at org.apache.catalina.startup.Catalina.stop(Catalina.java:628)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.stop(Bootstrap.java:300)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.commons.daemon.support.DaemonLoader.stop(DaemonLoader.java:200)
Comment 1 Mark Thomas 2008-12-19 06:30:03 UTC
Thanks for the report. This has been fixed in trunk and proposed for 6.0.x
Comment 2 Kazimierz Pogoda 2008-12-22 11:41:53 UTC
It seems that tomcats 5.5.x suffer from the same issue.
Comment 3 Mark Thomas 2008-12-22 13:14:57 UTC
I've proposed the same fix for 5.5.x
Comment 4 Mark Thomas 2008-12-27 11:47:54 UTC
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.

I am changing the product to TC5 as it is still open there.
Comment 5 Mark Thomas 2009-06-03 14:19:31 UTC
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.