Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 85776 invoked by uid 500); 21 May 2001 05:49:39 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 85754 invoked from network); 21 May 2001 05:49:38 -0000 Message-ID: <3B08AC52.FC956182@teamware.com> Date: Mon, 21 May 2001 08:49:06 +0300 From: Antony Bowesman X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en,fi MIME-Version: 1.0 To: tomcat-dev@jakarta.apache.org Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?] References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Marc Saegesser wrote: > > The null check is simple enough and its already been tested in 3.3 > so I feel comfortable making the change without a beta. I'll commit > the change today. Great, thanks! > Another question regarding using the security manager and JSP. If > I use the default tomcat.policy file I can't access any JSP pages > because I get an access denied expcetion getting the line.separator > property. If I add > > permission java.util.PropertyPermission "line.separator", "read"; > permission java.util.PropertyPermission "file.separator", "read"; > > to tomcat.policy the pages are served correctly. Glenn, is there > any problem adding these two lines to the default policy? Am I > missing something else? I've tested this but it ONLY works if you add these permissions with no codeBase. If you add them under the specified codeBase grant codeBase "file:${tomcat.home}/-" They still cause the access exception. I have even tried the following codeBases grant codeBase "file:c:/-" grant codeBase "file:h:/-" with still the same exception. Why doesn't it work?? Rgds Antony > > > -----Original Message----- > > From: Antony Bowesman [mailto:adb@teamware.com] > > Sent: Friday, May 18, 2001 1:50 AM > > To: tomcat-dev@jakarta.apache.org > > Subject: Re: 3.2.2. When's it shipping? > > > > > > Marc Saegesser wrote: > > > > > > I bloody hope so. > > > > > > Here's the plan. Beta 5 was released on Friday, May 11. This beta > > > cycle is planned for one week. Unless someone reports a show > > > stopping bug, and so far I haven't seen one, on Friday, May 18th. > > > I'll call release vote on tomcat-dev. This vote lasts for one week > > > and every committer gets to vote. A public release vote is open for > > > one week. So, the best case right now is May 28th. > > > > Not sure if this would be a showstopper however, there is a bug in > > jasper/runtime/JspFactoryImpl.java which causes a NullPointerException. > > Fixed in 3.3 but not in 3.2.2 > > > > I'm relatively new to tomcat so am not sure of the bug reporting process > > but I sent report of a bug to this list a couple of days ago. > > > > Just tested it with b5 - bug still exists. > > > > tomcat run -security > > > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java > > > > due to no check for pageContext == null in releasePageContext > > > > This is fixed in 3.3 > > > > if (pc == null) return > > > > Rgds > > Antony > > > > > > > > > -----Original Message----- > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com] > > > > Sent: Thursday, May 17, 2001 12:54 PM > > > > To: tomcat-dev@jakarta.apache.org > > > > Subject: 3.2.2. When's it shipping? > > > > > > > > > > > > What is the current state of 3.2.2 development? Is it going to > > > > ship any time > > > > soon? > > > > > > > > Dave. > > > > Dave@JungleMoss.com > > > > -- Antony Bowesman Teamware Group adb@teamware.com tel: +358 9 5128 2562 fax: +358 9 5128 2705