javajakarta-eejava-metro-frameworksecurityexceptionibm-jdk

Error while initializing metro webservice client


Since few weeks we have some trouble with our external test environment (which is not operated by us). Our webapplication is connected to a soap webservice.

We are using:

The first time trying to initialize the client on this environment, we are getting the following exception (only on this environment):

java.lang.ExceptionInInitializerError
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
    at javax.xml.ws.Service.<init>(Service.java:57)
    at com.xxx.xxx.xxx.xxxy.client.MyServiceRequestProvider_Service.<init>(MyServiceRequestProvider_Service.java:50)
    at com.xxx.xxx.client.MyServiceRequester.<init>(MyServiceRequester.java:63)
    at com.xxx.xxx.action.CheckAction.execute(CheckAction.java:120)
    at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl.validateCheck(ApplicationValidatorImpl.java:403)
    at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad.CGLIB$validateCheck$6(<generated>)
    at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad$$FastClassByGuice$$380e5720.invoke(<generated>)
    at com.google.inject.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:187)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.ValidationErrorInterceptor.invoke(ValidationErrorInterceptor.java:21)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.PersistenzInterceptor.invoke(PersistenzInterceptor.java:35)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.google.inject.InterceptorStackCallback.intercept(InterceptorStackCallback.java:45)
    at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad.validateCheck(<generated>)
    at com.xxx.xxx.webservice.endpoint.xxxWS.order(xxxWS.java:99)
    at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf.CGLIB$order$1(<generated>)
    at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf$$FastClassByGuice$$806bc0a0.invoke(<generated>)
    at com.google.inject.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:187)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.RsvAgeManipulatorInterceptor.invoke(RsvAgeManipulatorInterceptor.java:95)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.ValueConverterInterceptor.invoke(ValueConverterInterceptor.java:101)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.DataValidationInterceptor.invoke(DataValidationInterceptor.java:31)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.UserValidationInterceptor.invoke(UserValidationInterceptor.java:36)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.xxx.xxx.webservice.guice.interceptor.SessionInitializerInterceptor.invoke(SessionInitializerInterceptor.java:65)
    at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
    at com.google.inject.InterceptorStackCallback.intercept(InterceptorStackCallback.java:45)
    at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf.order(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:618)
    at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:150)
    at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:261)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:207)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)
    at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)
    at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:811)
Caused by: java.lang.SecurityException: java.util.ServiceLoader - protected system package 'java.util'
    at java.lang.ClassLoader.checkClassName(ClassLoader.java:213)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:255)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:600)
    at java.net.URLClassLoader.access$400(URLClassLoader.java:124)
    at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java:1055)
    at java.security.AccessController.doPrivileged(AccessController.java:274)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:492)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:640)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:632)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:606)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1346)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1205)
    at java.lang.Class.forNameImpl(Native Method)
    at java.lang.Class.forName(Class.java:130)
    at javax.xml.ws.spi.Provider.<clinit>(Provider.java:55)
    at java.lang.J9VMInternals.initializeImpl(Native Method)
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
    ... 68 more

Further attempts to initialize this client results in:

2012-09-26 11:34:56,016 ERROR [TP-Processor7] com.xxx.xxx.client.MyServiceRequester#<init>(65): Error initialising MyServiceRequestProvider_Service
java.lang.NoClassDefFoundError: javax.xml.ws.spi.Provider (initialization failure)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
at javax.xml.ws.Service.<init>(Service.java:57)
...

It seems that there are some security issues within the metro Provider class. I think the following snipped of the class javax.xml.ws.spi.Provider of metro is the source of the failure:

static {
Method tLoadMethod = null;
Method tIteratorMethod = null;
try {
    Class<?> clazz = Class.forName("java.util.ServiceLoader");
    tLoadMethod = clazz.getMethod("load", Class.class);
    tIteratorMethod = clazz.getMethod("iterator");
} catch(ClassNotFoundException ce) {
    // Running on Java SE 5
} catch(NoSuchMethodException ne) {
   // Shouldn't happen
}
loadMethod = tLoadMethod;
iteratorMethod = tIteratorMethod;

}

It seems that instead of throwing an ClassNotFoundException the Classloader throws an SecurityException, which is not catched by the static initializer.

What can be the cause of this behaviour (some policy settings?) and how can we prevent this. The application is running on our local test environment, and was running on the external environment too. The external provider denies any changes of the environment. Is this behaviour IBM-JDK specific ?

EDIT:

I found the following in the JDK 5.0 API class java.security.SecureClassLoader :

SecurityException - if an attempt is made to add this class to a package that contains classes that were signed by a different set of certificates than this class, or if the class name begins with "java.".

But souldn't this happen to all Metro clients running on tomcat ?

EDIT:

Thanks a lot for the advice! There is actually the path of a JDK 1.6 rt.jar in the classpath. And therefore the ServiceLoader class is found but not allowed to load within the Provider.


Solution

  • Thanks to Sean,

    There actually was the path of a JDK 1.6 rt.jar in the classpath. And therefore the ServiceLoader class is found but not allowed to load within the Provider.