#824 ✓wontfix
nicmarti

Dependencies in module PDF-0.2 gets loaded before Play! framework libraries

Reported by nicmarti | May 12th, 2011 @ 07:53 AM | in 1.3 (closed)

Play! Framework will load some classes from PDF libs module subfolder instead of framework libs.

I discovered this issue with OpenID : my users can't authenticate anymore on my application. The reason is that I recently added a new feature that use PDF module. When this module is active, since it bundles some libraries such as XML/SAX/DOM utilities, it crashes.

Framework version: 1.1, 1.1.1 and 1.2
Platform you're using: macos and playapps

Reproduction steps:
- create a new application - copy/paste the OpenID play! sample in this new application - authenticate on a secure HTTPS OpenID provider such as Google : https://www.google.com/accounts/o8/id - it works - stop the application - install the PDF module on your application - add-it to application.conf - restart - try to authenticate on Google : it won't work

If you want to remove the pdf module:
- comment-out the pdf module in your application.conf - stop your app - do a "play clean" (else it won't work) - restart the app and the openID will work

Diagnostic and possible reason:
This error is due to a classpath issue with some XML/SAX/DOM libraries in the PDF-0.2 libs folder that are loaded before the default Play! libraries. What is not expected is that the module classpath has a higher priority than the default Play! Framework libs folder. Thus, one can corrupt its Play! setup with a bad library. There's no classloader isolation between the module and the core play! framework application.

If one starts its application with "play run -verbose:class" it is then easy to see that Play! loads some dependencies not from Play! Framework lib but from the module libs/ subfolder.

I attached the verbose classloader output with/without the PDF module activated.
Chec the classloader activity

I don't really know how to fix this issue.
If a user creates a module and has to configure a dedicated classloader for a specific set of jars, it should not impact Play! Framework

Thanks

Nicolas Martignole

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2>Play framework</h2>

Play makes it easier to build Web applications with Java. It is a clean alternative to bloated Enterprise Java stacks. It focuses on developer productivity and targets RESTful architectures. Learn more on the <a href="http://www.playframework.org">http://www.playframework.org</a> website.<br><br>

<h2>Source code is hosted on github</h2>Check out our repository at <a href="http://github.com/playframework/play">http://github.com/playframework/play</a><br><br>

<h2>Contributing, creating a patch</h2> Please read the <a href="http://play.lighthouseapp.com/projects/57987/contributor-guide">contributor guide</a><br><br>

<h2>Reporting Security Vulnerabilities</h2> Since all bug reports are public, please report any security vulnerability directly to <em>guillaume dot bort at gmail dot com</em>.<br><br>

<h2>Creating a bug report</h2> Bug reports are incredibly helpful, so take time to report bugs and request features in our ticket tracker. We’re always grateful for patches to Play’s code. Indeed, bug reports with attached patches will get fixed far quickly than those without any.<br><br>

Please include as much relevant information as possible including the exact framework version you're using and a code snippet that reproduces the problem.<br><br>

Don't have too much expectations. Unless the bug is really a serious "everything is broken" thing, you're creating a ticket to start a discussion. Having a patch (or a branch on Github we can pull from) is better, but then again we'll only pull high quality branches that make sense to be in the core of Play.

Attachments

Pages