hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shevek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5740) Hadoop JSP pages don't work under a security manager
Date Fri, 24 Apr 2009 19:54:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12702510#action_12702510

Shevek commented on HADOOP-5740:

IIRC from my (once reasonable) knowledge of the Java security API, no assumptions are made
by the Java security implementation about _any_ returned value from any implementation of
Policy, and (importantly for my previous work) the Policy is even free to return different
values on each call. In contrast with (almost all) formal analyses of the model, the methods
aren't even guaranteed to be called, depending on the dynamic context of the security check.

Although I agree with the linked mail that Sun definitely changed the world, I suspect making
assumptions about the behaviour of methods on Policy is dangerous. :-)

> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>                 Key: HADOOP-5740
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5740
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: fs, mapred
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
> When you run Hadoop under a security manager that says "yes" to all security checks,
you get stack traces when Jetty tries to initialise the JSP engine. Which implies you can't
use Jasper under a security manager

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message