beehive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Feit (JIRA)" <beehive-...@incubator.apache.org>
Subject [jira] Created: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager
Date Tue, 14 Jun 2005 21:07:49 GMT
Nested controls: cannot initialize a public control field when using a Java security manager
--------------------------------------------------------------------------------------------

         Key: BEEHIVE-815
         URL: http://issues.apache.org/jira/browse/BEEHIVE-815
     Project: Beehive
        Type: Bug
  Components: Controls  
    Versions: V1    
    Reporter: Rich Feit
     Fix For: TBD
 Attachments: jira815.zip

This bug involves using a *public* @Control field, which should be possible even if "suppressAccessChecks"
is not set in the security policy.


Repro (the easiest way to reproduce this):
    - cd to $CATALINA_HOME/bin.

    - create a file called mysecurity.policy (and REPLACE my c:/prog/... tomcat/jdk directories
with ones of your own):
       ---
       grant codeBase "file:///c:/prog/jakarta-tomcat-5.0.25/-"{
       permission java.security.AllPermission;
       };
       grant codeBase "file:///c:/prog/jdk1.5.0/-"{
       permission java.security.AllPermission;
       };
       grant {
       permission java.util.PropertyPermission "*", "read";
       permission java.lang.RuntimePermission "accessDeclaredMembers";
       };
       ---

    - set the JAVA_OPTS environment variable:
        (windows) set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=mysecurity.policy
        (linux) export JAVA_OPTS="-Djava.security.manager -Djava.security.policy=mysecurity.policy"

    - start tomcat:
        (windows) .\startup.bat
        (linux) ./startup.sh 

    - Overlay the attached page flow and controls onto a webapp, and deploy it to the running
tomcat.

    - Hit the page flow (/usecontrol/Controller.jpf):

EXPECTED: see the message "hello there" in the displayed page.
ACTUAL: a series of exceptions, with this root cause:

Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission
suppressAccessChecks)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
        at usecontrol.ControllerClientInitializer.<clinit>(ControllerClientInitializer.java:21)
        ... 85 more

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message