tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 64488] EL API: AccessControlException -- Import Handler
Date Tue, 02 Jun 2020 15:11:01 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=64488

--- Comment #2 from Konstantin Kolinko <knst.kolinko@gmail.com> ---
(In reply to volosied+apache from comment #0)
> Permission: 
> ("java.io.FilePermission"
> "/Library/Java/JavaVirtualMachines/adoptopenjdk-8-openj9.jdk/Contents/Home/
> jre/lib/rt.jar" "read")

How does it happen that it does not have a read permission for "rt.jar"?

In your case (looking at the proposed patch - attachment 37286) it is a
getResource() call that is blocked by lacking permissions. Does it mean that
not only loading of resources, but loading classes from rt.jar is blocked as
well? Why? For what purpose? (*)

Is it a real-world configuration? Why is it configured like that?


(*) E.g. looking a 'loadClass(name)' call a few lines later just below the code
affected by the patch - at ImportHandler line 463. - Will it fail?


(In reply to Mark Thomas from comment #1)
> If you can provide the simplest possible JSP that triggers this issue on a
> clean Tomcat 10 install we can take a look.

+1

I would like to see steps and code that are sufficient to reproduce the
behaviour.

(From your stack trace I guess that you are running a JSP page, but not from
within Apache Tomcat.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message