启用安全管理器并以Servlet3.0模式加载Spring的Tomcat7_Tomcat_Spring Mvc_Tomcat7_Servlet 3.0

启用安全管理器并以Servlet3.0模式加载Spring的Tomcat7

tomcat spring-mvc

启用安全管理器并以Servlet3.0模式加载Spring的Tomcat7,tomcat,spring-mvc,tomcat7,servlet-3.0,Tomcat,Spring Mvc,Tomcat7,Servlet 3.0,我有一个设置了web.xml的SpringMVC应用程序，它在启用了安全管理器的Tomcat7下运行良好。现在，我已经将应用程序转换为JavaConfig和Servlet 3.0基于代码的配置no web.xml，我得到了以下异常： [ 05 Jun 2014 05:48:27 ] ERROR: Context initialization failed! org.springframework.beans.factory.BeanDefinitionStoreException: IOExce

我有一个设置了web.xml的SpringMVC应用程序，它在启用了安全管理器的Tomcat7下运行良好。现在，我已经将应用程序转换为JavaConfig和Servlet 3.0基于代码的配置no web.xml，我得到了以下异常：

[ 05 Jun 2014 05:48:27 ] ERROR: Context initialization failed!
org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from ServletContext resource [/WEB-INF/applicationContext.xml]; nested exception is java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/applicationContext.xml]
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:343)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:216)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:187)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
        at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
        at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:540)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:454)
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4765)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5260)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:866)
        at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:128)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:151)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:840)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:958)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1599)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
Caused by: java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/applicationContext.xml]
        at org.springframework.web.context.support.ServletContextResource.getInputStream(ServletContextResource.java:141)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:329)
        ... 29 more
Jun 05, 2014 5:48:27 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener

如果您查看Spring，您将看到SpringServlet3.0环境只调用带有参数的ContextServletListener构造函数，构造的上下文请参见AbstractContextLoaderInitializer。但在调查期间，我发现ContextServletListener的空构造函数也被调用了！我在jdb中看到了：

清楚地看到，它构建了一个新实例，而不是传递已经构建的实例。iPackageProtectionEnabled具有以下条件：

private static boolean packageDefinitionEnabled =
         (System.getProperty("package.definition") == null &&
            System.getProperty("package.access")  == null) ? false : true;

所以我可以通过关闭Tomcat中的包保护来解决这个问题。因此，我的问题是：

为什么要这样做？如何补救这种情况，而不采取变通措施，不完全关闭安全性，也不关闭软件包保护？

我不知道为什么会这样做，但这似乎是Tomcat的一个bug

649    @Override
650    public <T extends EventListener> void More ...addListener(T t) {
651        if (SecurityUtil.isPackageProtectionEnabled()) {
652            doPrivileged("addListener",
653                    new Object[]{t.getClass().getName()});
654        } else {
655            context.addListener(t);
656        }
657    }

private static boolean packageDefinitionEnabled =
         (System.getProperty("package.definition") == null &&
            System.getProperty("package.access")  == null) ? false : true;