When running under a security manager, in 7.0.x (and also around 6.0.29+), the Sessions List options in the Tomcat Manager may display an error under certain conditions. CONDITION 1: APR enabled, catalina.base == catalina.home: - Encountered exception org.apache.jasper.JasperException: javax.servlet.ServletException: java.lang.NoClassDefFoundError: org/apache/catalina/ha/session/DeltaSession This permission is required: permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.*"; CONDITION 2: Regardless of APR, if catalina.base != catalina.home and catalina.home is the location of the webapps/manager application, this error displays: FAIL - Encountered exception org.apache.jasper.JasperException: An exception occurred processing JSP page /WEB-INF/jsp/sessionsList.jsp at line 99 96: <tbody> 97: <% Iterator iter = activeSessions.iterator(); 98: while (iter.hasNext()) { 99: Session currentSession = (Session) iter.next(); 100: String currentSessionId = JspHelper.escapeXml(currentSession.getId()); 101: %> 102: <tr> This is because the policy file assumes there is a per-instance webapps/manager application in catalina.base, as opposed to a shared one in catalina.home. Suggested fix, in catalina.policy, replace ... // The Manager application needs access to the following packages to support the // session display functionality grant codeBase "file:${catalina.base}/webapps/manager/-" { permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.*"; }; ... with ... // The Manager application needs access to the following packages to support the // session display functionality grant codeBase "file:${catalina.home}/webapps/manager/-" { permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.*"; }; // If using a per instance webapps directory, i.e. ${catalina.base}/webapps, // then the following permission will need to be uncommented // grant codeBase "file:${catalina.base}/webapps/manager/-" { // permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; // permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager"; // permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util"; // permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.*"; // }; * In the above, I've used the same commented-out approach as the one for the "file:${catalina.base}/lib/-" permissions for consistency, but the catalina.base permissions could also be left uncommented if most installations copy the default webapps folder into each instance and use it from there, to make larger deployments easier. Best Regards, Neale Rudd
Thanks for the report. This has been fixed in trunk and will be included in 7.0.11 onwards.
Created attachment 26758 [details] Patch for tc6.0.x Issue 1 can not occur in 6.0.x - the relevant changes were never pack-ported from 7.0.x Patch that covers issue 2 is attached and has been proposed for 6.0.x
Fixed in 6.0.x and will be included in 6.0.33 onwards.