Bug#545674: tomcat6: Crashes when trying to run a web app, including admin

Heikki Levanto heikki at indexdata.dk
Tue Sep 8 10:35:58 UTC 2009 

Package: tomcat6
Version: 6.0.20-5
Severity: grave
Justification: renders package unusable

Installing tomcat6-admin on a brand new Debian/squeeze gets nothing but 
a crash, when accessing the admin page. A similar crash happens when
accessing any web app.

I reproduced this on a fresh squeeze (a xen host made for this purpose). 
  apt-get install tomcat6-admin
  edit /etc/tomcat6/tomcat-users.xml
   - uncomment the users section
   - change passwords
   - add 'admin' and 'manager' to user 'tomcat'
Point a browser to port 8080 on that host. Get the 'It Works' page.
Click on the 'manager webapp' link, get to ...:8080/manager/html, and 
see a 500 page with 

description 
The server encountered an internal error () that prevented it from fulfilling this request.

exception 
javax.servlet.ServletException: Servlet.init() for servlet HTMLManager threw exception
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
        org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
        java.lang.Thread.run(Thread.java:636)

root cause 
java.security.AccessControlException: access denied (java.util.PropertyPermission catalina.base read)
        java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
        java.security.AccessController.checkPermission(AccessController.java:553)
        java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
        java.lang.System.getProperty(System.java:669)
        org.apache.catalina.manager.ManagerServlet.init(ManagerServlet.java:487)
        org.apache.catalina.manager.HTMLManagerServlet.init(HTMLManagerServlet.java:646)
        javax.servlet.GenericServlet.init(GenericServlet.java:212)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:616)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
        org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
        java.lang.Thread.run(Thread.java:636)

A similar crash can be provoked with the URL ...:8080/foobar/  
(but not with plain /foobar without the trailing slash)
That is why I report this on tomcat6, and not tomcat6-admin.

We had a similar problem after upgrading from tomcat6 from 6.0.20-2 
to 6.0.20-5.

If I can provide any additional information, I'd be glad to do so.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tomcat6 depends on:
ii  adduser              3.110               add and remove users and groups
ii  jsvc                 1.0.2~svn20061127-9 wrapper to launch Java application
ii  tomcat6-common       6.0.20-5            Servlet and JSP engine -- common f

tomcat6 recommends no packages.

Versions of packages tomcat6 suggests:
ii  tomcat6-admin                 6.0.20-5   Servlet and JSP engine -- admin we
pn  tomcat6-docs                  <none>     (no description available)
pn  tomcat6-examples              <none>     (no description available)

-- no debconf information

More information about the pkg-java-maintainers mailing list