| Summary: | Streamline package.access property definition in catalina.properties | ||
|---|---|---|---|
| Product: | Tomcat 7 | Reporter: | Owen Farrell <owen.farrell> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | ||
| Priority: | P2 | ||
| Version: | trunk | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Attachments: | catalina.properties Modifications | ||
Thanks for the patch. It has been applied to 7.0.x and will be included in 7.0.6 onwards. |
Created attachment 25804 [details] catalina.properties Modifications The package.access property defined in catalina.properties stipulates a restrictions on both 'sun.' packages and 'sun.beans.' packages. However, the latter restriction is implied based on the broader 'sun.' package restriction. Additionally, the failsafe field defined in org.apache.catalina.security.SecurityConfig does not include sun.beans in the default list of package access restrictions. I would think that the default property file should match the failsafe SecurityConfig field.