Return-Path: Delivered-To: apmail-jakarta-commons-dev-archive@www.apache.org Received: (qmail 66837 invoked from network); 6 Oct 2003 18:11:55 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 6 Oct 2003 18:11:55 -0000 Received: (qmail 95918 invoked by uid 500); 6 Oct 2003 18:11:42 -0000 Delivered-To: apmail-jakarta-commons-dev-archive@jakarta.apache.org Received: (qmail 95843 invoked by uid 500); 6 Oct 2003 18:11:42 -0000 Mailing-List: contact commons-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Jakarta Commons Developers List" Reply-To: "Jakarta Commons Developers List" Delivered-To: mailing list commons-dev@jakarta.apache.org Received: (qmail 95822 invoked from network); 6 Oct 2003 18:11:41 -0000 Received: from unknown (HELO hogshead.codehaus.org) (66.216.68.111) by daedalus.apache.org with SMTP; 6 Oct 2003 18:11:41 -0000 Received: from hogshead.codehaus.org (hogshead.codehaus.org [66.216.68.111]) by hogshead.codehaus.org (8.11.6/8.11.6) with ESMTP id h96IXRU27039 for ; Mon, 6 Oct 2003 13:33:27 -0500 Message-ID: <30996601.1065465207835.JavaMail.orion@hogshead.codehaus.org> Date: Mon, 6 Oct 2003 13:33:27 -0500 (CDT) From: jira@codehaus.org To: commons-dev@jakarta.apache.org Subject: [jira] Commented: (JELLY-90) SecurityException when using Jelly in applet or JAWS sandbox Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N The following comment has been added to this issue: Author: Paul Libbrecht Created: Mon, 6 Oct 2003 1:33 PM Body: May I add, that, indeed, there seems to be a principle at several places of the jelly code to ignore security exceptions (James has made comments on that). It would be worth even bringing this within the documentation. Consider this as a vote... we need to ping the appropriate people. Paul --------------------------------------------------------------------- View the issue: http://jira.codehaus.org/secure/ViewIssue.jspa?key=JELLY-90 Here is an overview of the issue: --------------------------------------------------------------------- Key: JELLY-90 Summary: SecurityException when using Jelly in applet or JAWS sandbox Type: Bug Status: Unassigned Priority: Major Time Spent: Unknown Remaining: 5 minutes Project: jelly Components: core / taglib.core Assignee: Reporter: Scott Howlett Created: Mon, 6 Oct 2003 11:32 AM Updated: Mon, 6 Oct 2003 11:32 AM Description: Using Jelly in a sandboxed Java Web Start application or an applet raises a SecurityException because a JellyContext calls system.getProperties() when it is initialized to set up the "systemScope" context variable. Placing that statement inside a try / catch block that swallows the SecurityException solves the problem for me. Of course this means that "systemScope" is unavailable in these contexts, but that seems to be a fair compromise, especially since findVariable() does a System.getProperty() as a last resort anyway (and this one *is* properly encased in a block that catches SecurityException). The relevant bit of code is JellyContext.init: private void init() { variables.put("context", this); try { variables.put("systemScope", System.getProperties()); } catch (SecurityException e) { // ignore security exceptions } } --------------------------------------------------------------------- JIRA INFORMATION: This message is automatically generated by JIRA. If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: commons-dev-help@jakarta.apache.org