tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony Bowesman <...@teamware.com>
Subject Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Date Mon, 21 May 2001 13:39:07 GMT
Thanks Marc, part of my problem was that JVM tries to load all files in
${java.home}/lib/ext as possible jar files regardless of file name. 
Your permission additions solve the rest!

Antony


Marc Saegesser wrote:
> 
> I added the permissions to the global list of permissions.  I've attached
> the most recent tomcat.policy file.
> 
> > -----Original Message-----
> > From: Antony Bowesman [mailto:adb@teamware.com]
> > Sent: Monday, May 21, 2001 12:49 AM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it
> > shipping?]
> >
> >
> > Marc Saegesser wrote:
> > >
> > > The null check is simple enough and its already been tested in 3.3
> > > so I feel comfortable making the change without a beta.  I'll commit
> > > the change today.
> >
> > Great, thanks!
> >
> > > Another question regarding using the security manager and JSP.  If
> > > I use the default tomcat.policy file I can't access any JSP pages
> > > because I get an access denied expcetion getting the line.separator
> > > property.  If I add
> > >
> > >    permission java.util.PropertyPermission "line.separator", "read";
> > >    permission java.util.PropertyPermission "file.separator", "read";
> > >
> > > to tomcat.policy the pages are served correctly.  Glenn, is there
> > > any problem adding these two lines to the default policy?  Am I
> > > missing something else?
> >
> > I've tested this but it ONLY works if you add these permissions with no
> > codeBase.  If you add them under the specified codeBase
> >
> > grant codeBase "file:${tomcat.home}/-"
> >
> > They still cause the access exception.  I have even tried the following
> > codeBases
> >
> > grant codeBase "file:c:/-"
> > grant codeBase "file:h:/-"
> >
> > with still the same exception.  Why doesn't it work??
> >
> > Rgds
> > Antony
> >
> > >
> > > > -----Original Message-----
> > > > From: Antony Bowesman [mailto:adb@teamware.com]
> > > > Sent: Friday, May 18, 2001 1:50 AM
> > > > To: tomcat-dev@jakarta.apache.org
> > > > Subject: Re: 3.2.2. When's it shipping?
> > > >
> > > >
> > > > Marc Saegesser wrote:
> > > > >
> > > > > I bloody hope so.
> > > > >
> > > > > Here's the plan.  Beta 5 was released on Friday, May 11.  This beta
> > > > > cycle is planned for one week.  Unless someone reports a show
> > > > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > > > I'll call release vote on tomcat-dev.  This vote lasts for one week
> > > > > and every committer gets to vote. A public release vote is open for
> > > > > one week.  So, the best case right now is May 28th.
> > > >
> > > > Not sure if this would be a showstopper however, there is a bug in
> > > > jasper/runtime/JspFactoryImpl.java which causes a
> > NullPointerException.
> > > > Fixed in 3.3 but not in 3.2.2
> > > >
> > > > I'm relatively new to tomcat so am not sure of the bug
> > reporting process
> > > > but I sent report of a bug to this list a couple of days ago.
> > > >
> > > > Just tested it with b5 - bug still exists.
> > > >
> > > > tomcat run -security
> > > >
> > > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> > > >
> > > > due to no check for pageContext == null in releasePageContext
> > > >
> > > > This is fixed in 3.3
> > > >
> > > > if (pc == null) return
> > > >
> > > > Rgds
> > > > Antony
> > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > > > To: tomcat-dev@jakarta.apache.org
> > > > > > Subject: 3.2.2. When's it shipping?
> > > > > >
> > > > > >
> > > > > > What is the current state of 3.2.2 development? Is it going
to
> > > > > > ship any time
> > > > > > soon?
> > > > > >
> > > > > > Dave.
> > > > > > Dave@JungleMoss.com
> > > > > >

Mime
View raw message