tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32180] New: - EL functions are executed in privileged context
Date Thu, 11 Nov 2004 12:43:33 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32180>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32180

EL functions are executed in privileged context

           Summary: EL functions are executed in privileged context
           Product: Tomcat 5
           Version: 5.5.4
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Jasper
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sami.pajunen@almare.com


When tomcat is run with SecurityManager enabled all defined EL functions are
executed in privileged AccessControlContext by
PageContextImpl.proprietaryEvaluate() method.

This causes problems when EL functions perform actions that require checking of
permissions or need to access currently executing Subject.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message