tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 64488] EL API: AccessControlException -- Import Handler
Date Tue, 02 Jun 2020 15:11:01 GMT

--- Comment #2 from Konstantin Kolinko <> ---
(In reply to volosied+apache from comment #0)
> Permission: 
> (""
> "/Library/Java/JavaVirtualMachines/adoptopenjdk-8-openj9.jdk/Contents/Home/
> jre/lib/rt.jar" "read")

How does it happen that it does not have a read permission for "rt.jar"?

In your case (looking at the proposed patch - attachment 37286) it is a
getResource() call that is blocked by lacking permissions. Does it mean that
not only loading of resources, but loading classes from rt.jar is blocked as
well? Why? For what purpose? (*)

Is it a real-world configuration? Why is it configured like that?

(*) E.g. looking a 'loadClass(name)' call a few lines later just below the code
affected by the patch - at ImportHandler line 463. - Will it fail?

(In reply to Mark Thomas from comment #1)
> If you can provide the simplest possible JSP that triggers this issue on a
> clean Tomcat 10 install we can take a look.


I would like to see steps and code that are sufficient to reproduce the

(From your stack trace I guess that you are running a JSP page, but not from
within Apache Tomcat.)

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message