tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 30832] New: - Loading resources from a .jar-file requires file-write permission if SecurityManager is installed
Date Tue, 24 Aug 2004 17:20:31 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30832>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30832

Loading resources from a .jar-file requires file-write permission if SecurityManager is installed

           Summary: Loading resources from a .jar-file requires file-write
                    permission if SecurityManager is installed
           Product: Tomcat 5
           Version: 5.0.27
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: mario.winterer@scch.at


When requesting a resource by calling "Class.getResourceAsStream(...)", and 
the requested resource is stored in a .jar file, the 
org.apache.catalina.loader.WebappClassLoader extracts it into the working-
directory (see method findResourceInternal) and returns the extracted resource.

This is OK, but:
If this is done when Tomcat is running under a SecurityManager, an 
AccessControlException is thrown, if the web-application has no permission to 
write into the working-directory!

Suggestion: Run the critical part as privileged action.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message