Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 94174 invoked from network); 17 Aug 2005 14:23:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Aug 2005 14:23:30 -0000 Received: (qmail 37627 invoked by uid 500); 17 Aug 2005 14:23:24 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 37577 invoked by uid 500); 17 Aug 2005 14:23:23 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 37546 invoked by uid 99); 17 Aug 2005 14:23:23 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Aug 2005 07:23:22 -0700 Received: by ajax.apache.org (Postfix, from userid 99) id 19453E0; Wed, 17 Aug 2005 16:23:21 +0200 (CEST) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 36228] New: - (request.getHeaders(key)).nextElement() needs additional Permissions X-Bugzilla-Reason: AssignedTo Message-Id: <20050817142321.19453E0@ajax.apache.org> Date: Wed, 17 Aug 2005 16:23:21 +0200 (CEST) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=36228 Summary: (request.getHeaders(key)).nextElement() needs additional Permissions Product: Tomcat 5 Version: 5.5.9 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: gernot.pfingstl@stmk.gv.at Running tomcat with security manager "(request.getHeaders(key)).nextElement()" will cause following exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.buf) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265) at java.lang.ClassLoader.loadClass(ClassLoader.java:299) at java.lang.ClassLoader.loadClass(ClassLoader.java:299) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at org.apache.tomcat.util.buf.StringCache.toString(StringCache.java:282) at org.apache.tomcat.util.buf.ByteChunk.toString(ByteChunk.java:461) at org.apache.tomcat.util.buf.MessageBytes.toString(MessageBytes.java:209) at org.apache.tomcat.util.http.ValuesEnumerator.nextElement(MimeHeaders.java:423) To work properly you have to add "accessClassInPackage.org.apache.tomcat.util.buf" RuntimePermission. Using the core servlet api should not require that internal tomcat packages have to be exposed to the webapp. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org