tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: [VOTE] Release build 5.5.27
Date Wed, 03 Sep 2008 17:38:13 GMT
George Sexton wrote:
> For me this is a critical error. Tomcat 5.5.26 and 5.5.27 don't work 
> when run under the security manager.
> It's really not a trivial corner case. Did you look at my stack trace 
> from Saturday? Trying to open a socket in one part of my code triggered 
> the bug. The class loader is looking for a in 
> context/WEB-INF/classes and it's bombing.
> I'm really not trying to be overly picky here, but if the whole security 
> manager functionality is broken, that's a pretty big thing. The fact 
> that it was broken in the last release, and will be broken in the new 
> release is even worse.
>  From now until the NEXT release is created, people will be posting it 
> as a bug, which will then get marked RESOLVED, INVALID. They will then 
> re-open and wonder why it was closed. It will then be explained that the 
> fix is in CVS and that's why it was closed. The end user will then want 
> to know when the release with the fix will be present.
> Whatever. I've made my opinion known. If the release gets done with the 
> bug still in it, then I'm a big enough boy to apply the patch and 
> re-compile it so things work.

As far as I understand the issue, the solution is to use the correct 
security manager profile. In catalina.policy there is already a comment 
how to do that (search for "per context logging").

Even with Marks patch (or with his plus mine), there would still be the 
problem of the container not able to read from a 
context without giving it permissions. The only difference that the 
patch makes, is that it swallows the exception resp. logs it.

Can you shortly describe

- if adding the correct configuration to catalina.policy fixes your problem

- why not having those lines breaks your application and this breakage 
is not happening with the patch? Is it because the 
AccessControlException is not caught?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message