[
https://issues.apache.org/jira/browse/HADOOP-5740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12702510#action_12702510
]
Shevek commented on HADOOP-5740:
--------------------------------
IIRC from my (once reasonable) knowledge of the Java security API, no
assumptions are made by the Java security implementation about _any_ returned
value from any implementation of Policy, and (importantly for my previous work)
the Policy is even free to return different values on each call. In contrast
with (almost all) formal analyses of the model, the methods aren't even
guaranteed to be called, depending on the dynamic context of the security
check.
Although I agree with the linked mail that Sun definitely changed the world, I
suspect making assumptions about the behaviour of methods on Policy is
dangerous. :-)
> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>
> Key: HADOOP-5740
> URL: https://issues.apache.org/jira/browse/HADOOP-5740
> Project: Hadoop Core
> Issue Type: Bug
> Components: fs, mapred
> Affects Versions: 0.21.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Minor
>
> When you run Hadoop under a security manager that says "yes" to all security
> checks, you get stack traces when Jetty tries to initialise the JSP engine.
> Which implies you can't use Jasper under a security manager
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
