Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 24358 invoked by uid 500); 21 May 2001 13:39:57 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 24300 invoked from network); 21 May 2001 13:39:52 -0000 Message-ID: <3B091A7B.7F6A0A22@teamware.com> Date: Mon, 21 May 2001 16:39:07 +0300 From: Antony Bowesman X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en,fi MIME-Version: 1.0 To: tomcat-dev@jakarta.apache.org Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?] References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Thanks Marc, part of my problem was that JVM tries to load all files in ${java.home}/lib/ext as possible jar files regardless of file name. Your permission additions solve the rest! Antony Marc Saegesser wrote: > > I added the permissions to the global list of permissions. I've attached > the most recent tomcat.policy file. > > > -----Original Message----- > > From: Antony Bowesman [mailto:adb@teamware.com] > > Sent: Monday, May 21, 2001 12:49 AM > > To: tomcat-dev@jakarta.apache.org > > Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it > > shipping?] > > > > > > Marc Saegesser wrote: > > > > > > The null check is simple enough and its already been tested in 3.3 > > > so I feel comfortable making the change without a beta. I'll commit > > > the change today. > > > > Great, thanks! > > > > > Another question regarding using the security manager and JSP. If > > > I use the default tomcat.policy file I can't access any JSP pages > > > because I get an access denied expcetion getting the line.separator > > > property. If I add > > > > > > permission java.util.PropertyPermission "line.separator", "read"; > > > permission java.util.PropertyPermission "file.separator", "read"; > > > > > > to tomcat.policy the pages are served correctly. Glenn, is there > > > any problem adding these two lines to the default policy? Am I > > > missing something else? > > > > I've tested this but it ONLY works if you add these permissions with no > > codeBase. If you add them under the specified codeBase > > > > grant codeBase "file:${tomcat.home}/-" > > > > They still cause the access exception. I have even tried the following > > codeBases > > > > grant codeBase "file:c:/-" > > grant codeBase "file:h:/-" > > > > with still the same exception. Why doesn't it work?? > > > > Rgds > > Antony > > > > > > > > > -----Original Message----- > > > > From: Antony Bowesman [mailto:adb@teamware.com] > > > > Sent: Friday, May 18, 2001 1:50 AM > > > > To: tomcat-dev@jakarta.apache.org > > > > Subject: Re: 3.2.2. When's it shipping? > > > > > > > > > > > > Marc Saegesser wrote: > > > > > > > > > > I bloody hope so. > > > > > > > > > > Here's the plan. Beta 5 was released on Friday, May 11. This beta > > > > > cycle is planned for one week. Unless someone reports a show > > > > > stopping bug, and so far I haven't seen one, on Friday, May 18th. > > > > > I'll call release vote on tomcat-dev. This vote lasts for one week > > > > > and every committer gets to vote. A public release vote is open for > > > > > one week. So, the best case right now is May 28th. > > > > > > > > Not sure if this would be a showstopper however, there is a bug in > > > > jasper/runtime/JspFactoryImpl.java which causes a > > NullPointerException. > > > > Fixed in 3.3 but not in 3.2.2 > > > > > > > > I'm relatively new to tomcat so am not sure of the bug > > reporting process > > > > but I sent report of a bug to this list a couple of days ago. > > > > > > > > Just tested it with b5 - bug still exists. > > > > > > > > tomcat run -security > > > > > > > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java > > > > > > > > due to no check for pageContext == null in releasePageContext > > > > > > > > This is fixed in 3.3 > > > > > > > > if (pc == null) return > > > > > > > > Rgds > > > > Antony > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com] > > > > > > Sent: Thursday, May 17, 2001 12:54 PM > > > > > > To: tomcat-dev@jakarta.apache.org > > > > > > Subject: 3.2.2. When's it shipping? > > > > > > > > > > > > > > > > > > What is the current state of 3.2.2 development? Is it going to > > > > > > ship any time > > > > > > soon? > > > > > > > > > > > > Dave. > > > > > > Dave@JungleMoss.com > > > > > >