tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 36228] New: - (request.getHeaders(key)).nextElement() needs additional Permissions
Date Wed, 17 Aug 2005 14:23:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36228>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36228

           Summary: (request.getHeaders(key)).nextElement()  needs
                    additional Permissions
           Product: Tomcat 5
           Version: 5.5.9
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: gernot.pfingstl@stmk.gv.at


Running tomcat with security manager "(request.getHeaders(key)).nextElement()"
will cause following exception:

java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.buf)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
        at org.apache.tomcat.util.buf.StringCache.toString(StringCache.java:282)
        at org.apache.tomcat.util.buf.ByteChunk.toString(ByteChunk.java:461)
        at org.apache.tomcat.util.buf.MessageBytes.toString(MessageBytes.java:209)
        at
org.apache.tomcat.util.http.ValuesEnumerator.nextElement(MimeHeaders.java:423)

To work properly you have to add
"accessClassInPackage.org.apache.tomcat.util.buf" RuntimePermission.
Using the core servlet api should not require that internal tomcat packages have
to be exposed to the webapp.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message