https://bz.apache.org/bugzilla/show_bug.cgi?id=60925
Bug ID: 60925 Summary: Running with SecurityManager - Property 'serverInfo' not found on type org.apache.catalina.core.ApplicationContextFacade Product: Tomcat 8 Version: 8.5.12 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: EL Assignee: dev@tomcat.apache.org Reporter: knst.koli...@gmail.com Target Milestone: ---- Created attachment 34884 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34884&action=edit localhost.2017-03-28.log Noted when smoke-testing 8.5.13 RC, but this is reproducible with released 8.5.12 as well, so it is not a regression. Steps to reproduce: 1. Start Tomcat 8.5 with security manager enabled catalina.bat start -security 2. Access the root page, http://localhost:8080/ It fails with error 500. Stacktrace from 8.5.13: javax.el.PropertyNotFoundException: Property 'serverInfo' not found on type org.apache.catalina.core.ApplicationContextFacade at javax.el.BeanELResolver$BeanProperties.get(BeanELResolver.java:259) at javax.el.BeanELResolver$BeanProperties.access$300(BeanELResolver.java:212) at javax.el.BeanELResolver.property(BeanELResolver.java:346) at javax.el.BeanELResolver.getValue(BeanELResolver.java:92) at org.apache.jasper.el.JasperELResolver.getValue(JasperELResolver.java:110) at org.apache.el.parser.AstValue.getValue(AstValue.java:169) at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:184) at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:944) at org.apache.jsp.index_jsp._jspService(index_jsp.java:155) See attached file with full stacktrace. Notes: 1. This does not happen when running without SecurityManager. 2. This does not depends on version of java (occurs both with 7u80 and 8u121). I have seen similar errors when we were fixing CVE-2014-7810 (see thread from 2014-11-17), but it should have been fixed by r1644017 that improved javax.el.BeanELResolver. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org