Ivy
  1. Ivy
  2. IVY-1015

Flag to disable System property lookups by Ivy

    Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0, 1.1, 1.2, 1.3, 1.3.1, 1.4, 1.4.1, 2.0.0-alpha-1, 2.0.0-alpha-2, 2.0.0-beta-1, 2.0.0-beta-2, 2.0-RC1, 2.0-RC2, 2.0
    • Fix Version/s: 2.1.0-RC1
    • Component/s: None
    • Labels:
      None

      Description

      When configuring Ivy through IvySettings, a call to System.getProperties() is made.

      System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:

      java.security.AccessControlException: access denied
      (java.util.PropertyPermission * read,write)
      java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
      java.security.AccessController.checkPermission(AccessController.java:546)
      java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
      java.lang.System.getProperties(System.java:582)
      org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
      org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
      org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)

      Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.

      Ivy could be made more web app friendly by providing a flag to disable System property lookups.

      It would be useful to configure this flag through API on the IvySettings class.

      Any other usage of system properties outside of the IvySettings file should also be controllable.

        Activity

        Maarten Coene made changes -
        Fix Version/s 2.0.1 [ 12313696 ]
        Fix Version/s trunk [ 12313426 ]
        Xavier Hanin made changes -
        Fix Version/s trunk [ 12313426 ]
        Assignee Xavier Hanin [ xavier ]
        Fix Version/s 2.0.x [ 12313425 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Jeffrey Sinclair made changes -
        Field Original Value New Value
        Description When configuring Ivy through IvySettings, a call to System.getProperties() is made.

        System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:

        java.security.AccessControlException: access denied
        (java.util.PropertyPermission * read,write)
                java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
                java.security.AccessController.checkPermission(AccessController.java:546)
                java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
                java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
                java.lang.System.getProperties(System.java:582)
                org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
                org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
                org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)

        Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.

        Ivy could be made more web app friendly by providing a flag to disable System property lookups.

        It would be useful to configure this flag both through an ivy-settings xml file as well as through programmatic API on the IvySettings class.

        Any other usage of system properties outside of the IvySettings file should also be controllable.
        When configuring Ivy through IvySettings, a call to System.getProperties() is made.

        System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:

        java.security.AccessControlException: access denied
        (java.util.PropertyPermission * read,write)
                java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
                java.security.AccessController.checkPermission(AccessController.java:546)
                java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
                java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
                java.lang.System.getProperties(System.java:582)
                org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
                org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
                org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)

        Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.

        Ivy could be made more web app friendly by providing a flag to disable System property lookups.

        It would be useful to configure this flag through API on the IvySettings class.

        Any other usage of system properties outside of the IvySettings file should also be controllable.
        Jeffrey Sinclair created issue -

          People

          • Assignee:
            Xavier Hanin
            Reporter:
            Jeffrey Sinclair
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development