启用安全管理器并以Servlet3.0模式加载Spring的Tomcat7
我有一个设置了web.xml的SpringMVC应用程序,它在启用了安全管理器的Tomcat7下运行良好。现在,我已经将应用程序转换为JavaConfig和Servlet 3.0基于代码的配置no web.xml,我得到了以下异常:启用安全管理器并以Servlet3.0模式加载Spring的Tomcat7,tomcat,spring-mvc,tomcat7,servlet-3.0,Tomcat,Spring Mvc,Tomcat7,Servlet 3.0,我有一个设置了web.xml的SpringMVC应用程序,它在启用了安全管理器的Tomcat7下运行良好。现在,我已经将应用程序转换为JavaConfig和Servlet 3.0基于代码的配置no web.xml,我得到了以下异常: [ 05 Jun 2014 05:48:27 ] ERROR: Context initialization failed! org.springframework.beans.factory.BeanDefinitionStoreException: IOExce
[ 05 Jun 2014 05:48:27 ] ERROR: Context initialization failed!
org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from ServletContext resource [/WEB-INF/applicationContext.xml]; nested exception is java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/applicationContext.xml]
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:343)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:216)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:187)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:540)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:454)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4765)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5260)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:866)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:128)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:151)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:840)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:958)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1599)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/applicationContext.xml]
at org.springframework.web.context.support.ServletContextResource.getInputStream(ServletContextResource.java:141)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:329)
... 29 more
Jun 05, 2014 5:48:27 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
如果您查看Spring,您将看到SpringServlet3.0环境只调用带有参数的ContextServletListener构造函数,构造的上下文请参见AbstractContextLoaderInitializer。但在调查期间,我发现ContextServletListener的空构造函数也被调用了!我在jdb中看到了:
清楚地看到,它构建了一个新实例,而不是传递已经构建的实例。iPackageProtectionEnabled具有以下条件:
private static boolean packageDefinitionEnabled =
(System.getProperty("package.definition") == null &&
System.getProperty("package.access") == null) ? false : true;
所以我可以通过关闭Tomcat中的包保护来解决这个问题。因此,我的问题是:
为什么要这样做?
如何补救这种情况,而不采取变通措施,不完全关闭安全性,也不关闭软件包保护?
我不知道为什么会这样做,但这似乎是Tomcat的一个bug
649 @Override
650 public <T extends EventListener> void More ...addListener(T t) {
651 if (SecurityUtil.isPackageProtectionEnabled()) {
652 doPrivileged("addListener",
653 new Object[]{t.getClass().getName()});
654 } else {
655 context.addListener(t);
656 }
657 }
private static boolean packageDefinitionEnabled =
(System.getProperty("package.definition") == null &&
System.getProperty("package.access") == null) ? false : true;