Summary: | DefaultAnnotationProcessor.processAnnotations should use doPrivileged to call getDeclaredFields | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | Richard Evans <richard.evans> |
Component: | Jasper | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 6.0.18 | ||
Target Milestone: | default | ||
Hardware: | PC | ||
OS: | Windows Vista |
Description
Richard Evans
2008-10-27 05:44:55 UTC
This has been fixed in trunk and a patch (http://people.apache.org/~markt/patches/2008-10-27-bug46096.patch) proposed for 6.0.x As a temporary workround, I added a java.lang.RuntimePermission for JSPs to catalina.policy. I then had a different exception: java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285) at java.lang.System.getProperty(System.java:688) at org.apache.jasper.runtime.BodyContentImpl.<clinit>(BodyContentImpl.java:44) at org.apache.jasper.runtime.PageContextImpl.pushBody(PageContextImpl.java:717) at org.apache.jasper.runtime.PageContextImpl.pushBody(PageContextImpl.java:707) I think the property access in BodyContentImpl also needs to run in a privileged block. Or the class should be initialized at startup. This probably should be a different bug? Comment#2 looks like a configuration issue. The security policy already grants that permission to all code. This has been fixed in 6.0.x and will be in 6.0.19 onwards. |