http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10902

"package.access" security check too general for Jasper - precompiled JSPs get 
package-access violation





------- Additional Comments From [EMAIL PROTECTED]  2002-07-18 17:45 -------
Yes, adding the line

permission java.lang.RuntimePermission "accessPackageInClass.org.apache.jasper.runtime.";

to the security policy makes the problem go away.  Yes, in the meantime, 
please add this fix into the default Tomcat security policy.  If that's the 
case, you may be able to pull out the logic in JspServlet that dynamically 
grants code blocks this permission for each servlet context JspServlet is 
executed in (at init time).

As an aside, Tomcat can be more specific about which jasper/jsp packages it 
adds to the "package.access" check list, but this will require more maintenance 
down the road as jasper/jsp package names change.  However, what sounds 
cleanest long-term (but obviously requires more work) is to reorganize the 
Jasper/JSP classes into appropriate packages that Tomcat can 
add "package.access" restrictions to w/o having to grant any special package 
access privileges in the security policy.
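
Added example (not Tomcat's code and not part of the comment above): a model of the prefix match behind the "package.access" check, showing why one broad Jasper entry blocks precompiled JSPs and how a policy grant or a narrower list changes the outcome. It assumes the JDK's documented RuntimePermission target name accessClassInPackage.<package>; the list values and the org.apache.jasper.compiler package are constructed for illustration, and the check is modelled rather than run under a SecurityManager.

```java
import java.security.Permissions;

public class PackageAccessDemo {

    // Mirrors the documented SecurityManager.checkPackageAccess rule: a package is
    // restricted when it starts with, or equals, an entry of the "package.access" list.
    static boolean isRestricted(String packageAccess, String pkg) {
        for (String entry : packageAccess.split(",")) {
            String prefix = entry.trim();
            if (!prefix.isEmpty() && (pkg.startsWith(prefix) || prefix.equals(pkg + "."))) {
                return true;
            }
        }
        return false;
    }

    // A restricted package is reachable only if the caller's permissions imply
    // RuntimePermission "accessClassInPackage.<pkg>".
    static boolean allowed(String packageAccess, Permissions granted, String pkg) {
        return !isRestricted(packageAccess, pkg)
                || granted.implies(new RuntimePermission("accessClassInPackage." + pkg));
    }

    static void report(String label, String list, Permissions p, String pkg) {
        System.out.printf("%-32s %-28s -> %s%n", label, pkg,
                allowed(list, p, pkg) ? "allowed" : "AccessControlException");
    }

    public static void main(String[] args) {
        String runtime = "org.apache.jasper.runtime";
        String compiler = "org.apache.jasper.compiler";  // assumed: a Jasper package to keep closed

        String broad = "org.apache.jasper.";             // constructed list: one prefix for all of Jasper
        String narrow = "org.apache.jasper.compiler.";   // constructed list: only named packages

        Permissions webapp = new Permissions();          // precompiled JSP code with no extra grants
        Permissions patched = new Permissions();         // same code after a policy grant is added
        patched.add(new RuntimePermission("accessClassInPackage." + runtime));

        report("broad list, default policy", broad, webapp, runtime);
        report("broad list, policy grant added", broad, patched, runtime);
        report("broad list, policy grant added", broad, patched, compiler);
        report("narrow list, default policy", narrow, webapp, runtime);
        report("narrow list, default policy", narrow, webapp, compiler);
    }
}
```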
