struts-user mailing list archives

From Damian Blazejewski <damian.blazejew...@gmail.com>
Subject Re: Will I get sideeffects with: OgnlRuntime.setSecurityManager(null);
Date Tue, 26 Nov 2013 20:49:33 GMT

What is the access modifier of method WelcomeUserAction.setUsername()?

Pozdrawiam/Best regards,
Damian Błażejewski
dblazejewski.com


2013/11/26 Fredrik Andersson <fredand44@hotmail.com>

> Hello!
>
> (Hope this is the correct forum for this question)
>
>
>
> I get this error in my hello-world-struts2-webapp when I run it in my
> tomcat with the catalina.policy.
>
> (Btw my catalina.policy is edited a bit to match my production env:
> http://pastie.org/8510824)
>
>
>
> /-- Encapsulated exception ------------\
> java.lang.IllegalAccessException: Method [public void
> se.mycompany.web.actions.WelcomeUserAction.setUsername(java.lang.String)]
> cannot be accessed.
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:838)
> at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1280)
>
>
>
>
> I found this solution:
>
>
> https://groups.google.com/forum/#!msg/google-appengine-java/GQGLAxfyeBc/1NIfi8duNCEJ
>
>
>
> It suggests that a listener does:
>
> OgnlRuntime.setSecurityManager(null);
>
>
>
> In the doc for OgnlRuntime it says:
>
> Sets the SecurityManager that OGNL uses to determine permissions for
> invoking methods.
>
>
>
> But is this really a correct solution to set it to null?
>
> To me it doesn't sound good to have the SecurityManager set to null; what
> security holes does that create?
>
>
>
> Could this be solved with some extra grants in the catalina.policy-file
> instead?
>
>
>
>
>
> Best regards
>
> Fredrik
>
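
An added example, not part of the original thread and not Struts or OGNL project code, for the closing question about grants: it shows how a package-scoped invoke permission would cover the action's setter while leaving other method calls denied, in contrast to OgnlRuntime.setSecurityManager(null), which drops the check for every method. Assumptions: OGNL asks the security manager for an ognl.OgnlInvokePermission named "invoke.<declaring class>.<method>" (verify against the ognl jar you deploy), the InvokePermission class below is a stand-in for it so the code runs without the OGNL jar, and the codeBase in the comment is a placeholder.

```java
import java.security.BasicPermission;
import java.security.Permissions;

public class OgnlGrantCheck {

    // Stand-in for ognl.OgnlInvokePermission (assumed to be a BasicPermission
    // subclass, so a trailing ".*" in a grant acts as a wildcard).
    static final class InvokePermission extends BasicPermission {
        InvokePermission(String name) {
            super(name);
        }
    }

    // Assumed permission name format: "invoke." + declaring class + "." + method.
    static InvokePermission forMethod(String declaringClass, String method) {
        return new InvokePermission("invoke." + declaringClass + "." + method);
    }

    public static void main(String[] args) {
        // Models this catalina.policy entry (placeholder codeBase):
        //   grant codeBase "file:${catalina.base}/webapps/<your-app>/-" {
        //       permission ognl.OgnlInvokePermission "invoke.se.mycompany.web.actions.*";
        //   };
        Permissions granted = new Permissions();
        granted.add(new InvokePermission("invoke.se.mycompany.web.actions.*"));

        // Constructed sample calls: the setter from the stack trace, a method
        // declared in a framework base class, and a JDK method that should stay denied.
        String[][] calls = {
            {"se.mycompany.web.actions.WelcomeUserAction", "setUsername"},
            {"com.opensymphony.xwork2.ActionSupport", "getText"},
            {"java.lang.Runtime", "exec"},
        };

        for (String[] call : calls) {
            boolean allowed = granted.implies(forMethod(call[0], call[1]));
            System.out.printf("%-55s %s%n",
                    call[0] + "." + call[1], allowed ? "allowed" : "denied");
        }
    }
}
```

The name is built from the declaring class, so methods an action inherits from a framework base class need their own grant; each denied call surfaces as the same "cannot be accessed" IllegalAccessException naming the method, which tells you what to add.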
