[JELLY-90] SecurityException when using Jelly in applet or JAWS sandbox - ASF JIRA

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0-beta-4
Component/s: core / taglib.core
Labels:
None

Description

Using Jelly in a sandboxed Java Web Start application or an applet raises a SecurityException because a JellyContext calls system.getProperties() when it is initialized to set up the "systemScope" context variable.

Placing that statement inside a try / catch block that swallows the SecurityException solves the problem for me.

Of course this means that "systemScope" is unavailable in these contexts, but that seems to be a fair compromise, especially since findVariable() does a System.getProperty() as a last resort anyway (and this one is properly encased in a block that catches SecurityException).

The relevant bit of code is JellyContext.init:

private void init() {
variables.put("context", this);
try

{ variables.put("systemScope", System.getProperties()); }

catch (SecurityException e)

{ // ignore security exceptions }

}

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Scott Howlett

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 06/Oct/03 18:32

Updated:: 12/Aug/04 07:36

Resolved:: 12/Aug/04 07:36

Time Tracking

Estimated:

Remaining:

Logged:

SecurityException when using Jelly in applet or JAWS sandbox