commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@codehaus.org
Subject [jira] Commented: (JELLY-90) SecurityException when using Jelly in applet or JAWS sandbox
Date Mon, 06 Oct 2003 18:33:27 GMT
The following comment has been added to this issue:

     Author: Paul Libbrecht
    Created: Mon, 6 Oct 2003 1:33 PM
       Body:
May I add, that, indeed, there seems to be a principle at several places of the jelly code
to ignore security exceptions (James has made comments on that).
It would be worth even bringing this within the documentation.

Consider this as a vote... we need to ping the appropriate people.
Paul
---------------------------------------------------------------------
View the issue:

  http://jira.codehaus.org/secure/ViewIssue.jspa?key=JELLY-90


Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JELLY-90
    Summary: SecurityException when using Jelly in applet or JAWS sandbox
       Type: Bug

     Status: Unassigned
   Priority: Major

 Time Spent: Unknown
  Remaining: 5 minutes

    Project: jelly
 Components: 
             core / taglib.core

   Assignee: 
   Reporter: Scott Howlett

    Created: Mon, 6 Oct 2003 11:32 AM
    Updated: Mon, 6 Oct 2003 11:32 AM

Description:
Using Jelly in a sandboxed Java Web Start application or an applet raises a SecurityException
because a JellyContext calls system.getProperties() when it is initialized to set up the "systemScope"
context variable.

Placing that statement inside a try / catch block that swallows the SecurityException solves
the problem for me.

Of course this means that "systemScope" is unavailable in these contexts, but that seems to
be a fair compromise, especially since findVariable() does a System.getProperty() as a last
resort anyway (and this one *is* properly encased in a block that catches SecurityException).

The relevant bit of code is JellyContext.init:

    private void init() {
        variables.put("context", this);
        try {
            variables.put("systemScope", System.getProperties());
        }
        catch (SecurityException e) {
            // ignore security exceptions
        }
    }    



---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message