tomcat-dev mailing list archives

From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: DO NOT REPLY [Bug 13907] - security manager does not give read permission on a context by default
Date Thu, 24 Oct 2002 19:06:18 GMT


Aditya wrote:

>Glenn,
>
>On Thu, Oct 24, 2002 at 10:03:47AM -0000, bugzilla@apache.org wrote:
>  
>
>>This must be a problem in your local system configuration.
>>Check the unix file ownership and permissions for test2.new.
>>    
>>
>
>I've done that and the fact is that it works fine without the security manager
>so it's not a unix file ownership and permissions problem.
>
>  
>
>>Also try running Tomcat with java property -Djava.security.debug=access,failure
>>defined and then check the security manager debug output.
>>    
>>
>
>yup, done that and the output has nothing more than the failure of read
>permissions.
>
>  
>
>>I just tested the jsp you posted with a fresh build of Tomcat 4.1 from
>>the CVS head (What will be Tomcat 4.1.13) and Jasper 2.  The FilePermission
>>read for the context directory is being granted automatically and the JSP works.
>>    
>>
>
>I just read the 4.1.13 announcement from Remy and it has the following note:
>
> IMPORTANT NOTE: Security manager functionality is broken in this
> milestone. This will be fixed in the next milestone. This milestone will
> not be proposed for official release, and should be used for testing
> purposes only.
>
>so before I checkout a fresh copy from CVS, need I be worried about this?
>
No, this is not related to your problem. The SecurityManager in 4.1.13 
will throw a security exception when you use:

HttpServletRequest.setContentType()
HttpServletRequest.getContentType()
HttpServletRequest.getParameters()
HttpServletRequest.getMimeHeaders()
HttpServletRequest.getCharacterEncoding()

HttpServletResponse.getContentType()
HttpServletResponse.setContentType()
HttpServletResponse.getHeaders()
HttpServletResponse.getHeader()

And it should *not*.

-- Jeanfrancois




>
>Thanks,
>Adi
>
