Mantis - Resin
Viewing Issue Advanced Details
1008 major always 03-22-06 12:31 08-21-06 15:27  
closed 3.0.18  
none 3.0.22  
0001008: Problems running jspwiki - Professional Licence
I have a Reson Professional Licence, I'd like some help with this please.

Can't run jspwiki [^] [^]

I have verified this. [^]

Its easy to replicate.

Works on Tomcat, doesn't with Resin 3.x, all out of the box, no customization.

07-30-06 16:46   
Hi. I'm the principal author of the security system for JSPWiki. I've traced the issue to a specific part of Resin, namely the com.caucho.vfs.JarPath. Specifcally, we rely on classes with custom Permission classes that (because they are custom) must be digitally signed. I've noticed that JarEntry(JarPath) creates CodeSource objects with a null Certificate[] parameter. What it should do is extract the certificates from the Jar and pass them to the new CodeSource object.

Looking at the source for JarPath and Jar (caucho), I'd recommend adding a Certificate[] getCertificates() method to both of these classes (JarPath delegates to Jar). Note that you have to read in the jar completely before its certificates are available.

Something like this for caucho's Jar/JarPath implementation would work nicely:

public Certificate getCertificates() {
      InputStream is = jar.getInputStream(entry);
      byte[] buf = new byte[1024];
      while ( > 0) {
      Certificate[] signingCerts = entry.getCertificates();
      return signingCerts;

Then, in the JarEntry constructor you'd simply have:

  JarEntry(JarPath jarPath)
    _jarPath = jarPath;
    Certificate[] certs = jarPath.getCertificates();
    try {
      _codeSource = new CodeSource(new URL(jarPath.getURL()),
                   (Certificate []) certs);
    } catch (Exception e) {
      log.log(Level.WARNING, e.toString(), e);


Short of attempting these fixes myself, I can't verify this is the exact formula that will work. But the solution is probably similar to this.

Contact me at andrew AT freshcookies DOT org if you want to discuss further; I tried setting up an account on Caucho's bugtracker but the e-mail system appears to be down.

Needless to say this is a showstopper issue for us; JSPWiki will simply not run at all on Resin until this is resolved. Thanks in advance for your help.

08-21-06 15:27   
Thanks for the help tracking this down.