Uploaded image for project: 'Struts 1'
  1. Struts 1
  2. STR-1081

Struts doesn't initialize under strict security manager

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Incomplete
    • Affects Version/s: 1.1 Beta 3
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Operating System: All
      Platform: PC
    • Bugzilla Id:
      15736

      Description

      (NOTE: Version is 1.1 Beta 3, not yet available here)

      As of ActionServlet revision 1.138, Struts fails to initialize when deployed on
      J2EE-RI 1.3.1, which employs quite strict security restrictions. More
      preceisely, the problem surfaces when trying to use the Validator plugin, I
      haven't tested other plugins.

      See:
      http://cvs.apache.org/viewcvs.cgi/jakarta-struts/src/share/org/apache/struts/action/ActionServlet.java.diff?r1=1.137&r2=1.138&diff_format=h

      The exact problem seems to be that BeanUtils is trying to call setAccessible()
      on the method that is not found on the ValidatorPlugin, which triggers an
      AccessControlException to be thrown.

      The attempted solution with revision 1.139 doesn't fix the problem, because
      BeanUtils.setProperty() doesn't throw a NoSuchMethodException but rather a
      security related exception.

      This problem should be easily reproducable by trying to deploy and run the
      Validator example web-app under the J2EE-RI server 1.3.1, without the default
      configuration.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              cmlenz Christopher Lenz
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: