Uploaded image for project: 'MyFaces Core'
  1. MyFaces Core
  2. MYFACES-4540

Missing doPriv in WebXmlParser

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 4.0.0-RC2, 4.0.0-RC3
    • 4.0.0-RC4
    • General
    • None

    Description

      The following AccessControlException can occur when Java2 Security is enabled with MyFaces 4.0:

       

       ("java.io.FilePermission" "...\server\apps\expanded\test.war\WEB-INF\web.xml" "read")
        Stack: 
        java.security.AccessControlException: Access denied ("java.io.FilePermission" "...\server\apps\expanded\test.war\WEB-INF\web.xml"
            "read")java.base/java.security.AccessController.throwACE(AccessController.java:176)
        java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:238)
        java.base/java.security.AccessController.checkPermission(AccessController.java:385)
        java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
        com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45)
        java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661)
        java.base/java.io.File.isDirectory(File.java:856)
        java.base/sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:78)
        java.base/sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:184)
        java.base/java.net.URL.openStream(URL.java:1165)
        <unknown class>.toDocument(WebXmlParser.java:192)
        <unknown class>.getWebXmlErrorPages(WebXmlParser.java:112)
        <unknown class>.getErrorPages(WebXmlParser.java:84)
        <unknown class>.isErrorPagePresent(DefaultWebConfigProvider.java:43)
        <unknown class>.init(MyFacesExceptionHandlerWrapperImpl.java:92)
        <unknown class>.init(MyFacesExceptionHandlerWrapperImpl.java:77)
        <unknown class>.getUnhandledExceptionQueuedEvents(MyFacesExceptionHandlerWrapperImpl.java:171)
        <unknown class>.getUnhandledExceptionQueuedEvents(ExceptionHandlerWrapper.java:65)
        <unknown class>.getUnhandledExceptionQueuedEvents(ExceptionHandlerWrapper.java:65)
        <unknown class>.handle(TestExceptionHandler.java:34)
        <unknown class>.executePhase(LifecycleImpl.java:193)
        <unknown class>.execute(LifecycleImpl.java:125)
        <unknown class>.service(FacesServlet.java:223)
        <unknown class>.service(ServletWrapper.java:1258)

      The occurs when 

      url.openStream()

      is called which eventually calls into: https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/File.html#isDirectory()

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #470

          Activity

            People

              paul.nicolucci Paul Nicolucci
              paul.nicolucci Paul Nicolucci
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: