tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Saegesser" <marc.saeges...@apropos.com>
Subject RE: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Date Mon, 21 May 2001 13:31:12 GMT
I added the permissions to the global list of permissions.  I've attached
the most recent tomcat.policy file.

> -----Original Message-----
> From: Antony Bowesman [mailto:adb@teamware.com]
> Sent: Monday, May 21, 2001 12:49 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it
> shipping?]
>
>
> Marc Saegesser wrote:
> >
> > The null check is simple enough and its already been tested in 3.3
> > so I feel comfortable making the change without a beta.  I'll commit
> > the change today.
>
> Great, thanks!
>
> > Another question regarding using the security manager and JSP.  If
> > I use the default tomcat.policy file I can't access any JSP pages
> > because I get an access denied expcetion getting the line.separator
> > property.  If I add
> >
> >    permission java.util.PropertyPermission "line.separator", "read";
> >    permission java.util.PropertyPermission "file.separator", "read";
> >
> > to tomcat.policy the pages are served correctly.  Glenn, is there
> > any problem adding these two lines to the default policy?  Am I
> > missing something else?
>
> I've tested this but it ONLY works if you add these permissions with no
> codeBase.  If you add them under the specified codeBase
>
> grant codeBase "file:${tomcat.home}/-"
>
> They still cause the access exception.  I have even tried the following
> codeBases
>
> grant codeBase "file:c:/-"
> grant codeBase "file:h:/-"
>
> with still the same exception.  Why doesn't it work??
>
> Rgds
> Antony
>
> >
> > > -----Original Message-----
> > > From: Antony Bowesman [mailto:adb@teamware.com]
> > > Sent: Friday, May 18, 2001 1:50 AM
> > > To: tomcat-dev@jakarta.apache.org
> > > Subject: Re: 3.2.2. When's it shipping?
> > >
> > >
> > > Marc Saegesser wrote:
> > > >
> > > > I bloody hope so.
> > > >
> > > > Here's the plan.  Beta 5 was released on Friday, May 11.  This beta
> > > > cycle is planned for one week.  Unless someone reports a show
> > > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > > I'll call release vote on tomcat-dev.  This vote lasts for one week
> > > > and every committer gets to vote. A public release vote is open for
> > > > one week.  So, the best case right now is May 28th.
> > >
> > > Not sure if this would be a showstopper however, there is a bug in
> > > jasper/runtime/JspFactoryImpl.java which causes a
> NullPointerException.
> > > Fixed in 3.3 but not in 3.2.2
> > >
> > > I'm relatively new to tomcat so am not sure of the bug
> reporting process
> > > but I sent report of a bug to this list a couple of days ago.
> > >
> > > Just tested it with b5 - bug still exists.
> > >
> > > tomcat run -security
> > >
> > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> > >
> > > due to no check for pageContext == null in releasePageContext
> > >
> > > This is fixed in 3.3
> > >
> > > if (pc == null) return
> > >
> > > Rgds
> > > Antony
> > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > > To: tomcat-dev@jakarta.apache.org
> > > > > Subject: 3.2.2. When's it shipping?
> > > > >
> > > > >
> > > > > What is the current state of 3.2.2 development? Is it going to
> > > > > ship any time
> > > > > soon?
> > > > >
> > > > > Dave.
> > > > > Dave@JungleMoss.com
> > > > >
>
> --
> Antony Bowesman
> Teamware Group
> adb@teamware.com
> tel: +358 9 5128 2562
> fax: +358 9 5128 2705

Mime
View raw message