On 18/10/2016 13:34, Uwe Schindler wrote:
Hi,
Thanks Alan for the clarification and the documentation fixes! This does not solve the
"returns null if not found or otherwise denied" issue, but this is a problem
from the early Java days, which cannot be fixed anymore (to throw useful Exception if
resource not found).
We can't change long standing behavior, also there are can be security
concerns with revealing whether a resource exists.
To fix our own code (we also have some getResource[AsStream]() calls in
Lucene's codebase without doPrivileged), I opened the following issue:
https://issues.apache.org/jira/browse/LUCENE-7502
We cannot fix this in 3rd party JARs, so we cannot remove our extra permission.
Nevertheless, the "original" issue with the symlinked home directory should be
solved separately. I made a proposal to Max (Weijun Wang) how to fix this while reading
the policy file. We fixed the problem locally by fixing the Jenkins User account running
the tests to not have a symlinked user.home dir anymore.
I will leave this to Max to answer.
-Alan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
