[jboss-jira] [JBoss JIRA] Commented: (JBWEB-200) REGRESSION: JSP generation uses TomcatInjectionContainer unsafely, leading to race condition

Richard Kennard (JIRA) jira-events at lists.jboss.org
Mon May 30 17:25:00 EDT 2011 

    [ https://issues.jboss.org/browse/JBWEB-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605362#comment-12605362 ] 

Richard Kennard commented on JBWEB-200:
---------------------------------------

Remy,

I respect your expertise on this matter. However please note this is not a Tomcat design decision.

'loadClass' is explicitly synchronized in java.net.URLClassLoader and java.lang.ClassLoader (and probably other ClassLoaders too). I believe it is synchronized by design. It seems a mistake to override it and forget to add the 'synchronized' keyword on the overridden method in the subclass?

It breaks the contract of java.lang.ClassLoader.

Richard.

> REGRESSION: JSP generation uses TomcatInjectionContainer unsafely, leading to race condition
> --------------------------------------------------------------------------------------------
>
>                 Key: JBWEB-200
>                 URL: https://issues.jboss.org/browse/JBWEB-200
>             Project: JBoss Web
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Tomcat
>    Affects Versions: JBossWeb-3.0.0.CR1
>         Environment: JBoss AS 6.0.0.Final (apologies if this isn't JBossWeb-3.0.0.CR1?)
>            Reporter: Richard Kennard
>            Assignee: Remy Maucherat
>            Priority: Critical
>             Fix For: JBossWeb-3.0.0.Final
>
>
> Hi guys,
> Thanks for the great work you do on JBoss Web! We've been using it in production for years and it's a really solid product.
> We are just upgrading from JBoss 5.1.0.GA to JBoss AS 6.0.0.Final. There appears to have been a serious regression in the JSP compilation. In JBoss 5.1.0.GA our JSP page compiled to this (looking in the /work folder)...
>     PageContext pageContext = _jspx_page_context;
>     JspWriter out = _jspx_page_context.getOut();
>     //  tags:page-loggedIn
>     org.apache.jsp.tag.web.page_002dloggedIn_tag _jspx_th_tags_005fpage_002dloggedIn_005f0 = (new org.apache.jsp.tag.web.page_002dloggedIn_tag());
>     _jsp_instancemanager.newInstance(_jspx_th_tags_005fpage_002dloggedIn_005f0);
>     _jspx_th_tags_005fpage_002dloggedIn_005f0.setJspContext(_jspx_page_context);
> ...but in JBoss AS 6.0.0.Final it compiles to this...
>     PageContext pageContext = _jspx_page_context;
>     JspWriter out = _jspx_page_context.getOut();
>     //  tags:page-loggedIn
>     org.apache.jsp.tag.web.page_002dloggedIn_tag _jspx_th_tags_005fpage_002dloggedIn_005f0 = (org.apache.jsp.tag.web.page_002dloggedIn_tag)_jsp_instancemanager.newInstance("org.apache.jsp.tag.web.page_002dloggedIn_tag", this.getClass().getClassLoader());
>     _jspx_th_tags_005fpage_002dloggedIn_005f0.setJspContext(_jspx_page_context);
> There is a slight difference in which _jsp_instancemanager method is being called. The new JSP is calling the version of the method which takes a name. The old JSP was using the version which takes an Object.
> Behind the scenes _jsp_instance maps to TomcatInjectionContainer, which uses a ClassLoader implemented by JasperLoader. However, JasperLoader.loadClass(name, resolve) *is not Thread safe*. Even though it probably should be (java.lang.ClassLoader.loadClass(name, resolve) *is* Thread-safe, but JasperLoader overrides it and neglects to use 'synchronized' - so there may be 2 bugs here?)
> Anyway, regardless of whether the bug is in the JSP compilation or JasperLoader, under concurrent load we see this:
> Caused by: java.lang.IllegalArgumentException: org.apache.jsp.tag.web
>         at java.lang.ClassLoader.definePackage(ClassLoader.java:1452)
>         at java.net.URLClassLoader.defineClass(URLClassLoader.java:251)
>         at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
>         at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>         at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:135)
>         at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:67)
>         at org.jboss.web.tomcat.service.TomcatInjectionContainer.newInstance(TomcatInjectionContainer.java:278)
>         at org.apache.jsp.platforms.platforms_jsp._jspx_meth_tags_005fpage_002dloggedIn_005f0(platforms_jsp.java:113)
> Which is caused by this:
> 2011-05-23 13:53:11,874 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/].[jsp]] (http-116.50.21.248-8443-7) Servlet.service() for servlet jsp threw exception: java.lang.LinkageError: loader (instance of  org/apache/jasper/servlet/JasperLoader): attempted  duplicate class definition for name: "org/apache/jsp/tag/web/page_002dloggedIn_tag"
>         at java.lang.ClassLoader.defineClass1(Native Method) [:1.6.0_24]
>         at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) [:1.6.0_24]
>         at java.lang.ClassLoader.defineClass(ClassLoader.java:616) [:1.6.0_24]
>         at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) [:1.6.0_24]
>         at java.net.URLClassLoader.defineClass(URLClassLoader.java:283) [:1.6.0_24]
>         at java.net.URLClassLoader.access$000(URLClassLoader.java:58) [:1.6.0_24]
>         at java.net.URLClassLoader$1.run(URLClassLoader.java:197) [:1.6.0_24]
>         at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190) [:1.6.0_24]
>         at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:135) [:6.0.0.Final]
>         at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:67) [:6.0.0.Final]
>         at org.jboss.web.tomcat.service.TomcatInjectionContainer.newInstance(TomcatInjectionContainer.java:278) [:6.0.0.Final]
> It would appear two instances of the platforms.jsp page, executed concurrently, both try to create the missing 'page-loggedIn.tag' at the same time. This is a regression from JBoss AS 5.1.0 which could handle building JSPs concurrently (and under load) without problem. Note we are using a shared JSP tagfile (in /WEB-INF/tags).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list