https://bz.apache.org/bugzilla/show_bug.cgi?id=65332

            Bug ID: 65332
           Summary: AccessControlException when using Ant instead of ECJ
                    to compile JSPs at runtime
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
          Assignee: dev@tomcat.apache.org
          Reporter: csuth...@apache.org
  Target Milestone: -----

I have one user that doesn't have ECJ available for their Tomcat installation
and uses Ant to compile JSPs at runtime. Upon switching over to Java 11 they
found that they get access exceptions when trying to access their JSPs at
runtime. You can reproduce this with a vanilla install (instructions below),
but I don't think the fix I'm using is the best.

To reproduce:
1) Install Tomcat and Java 11 (or later)
2) Delete ecj*.jar from $CATALINA_HOME/lib/
3) Add ant.jar and ant-launcher.jar to your $CATALINA_HOME/bin/setenv.sh, per
instructions at https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html.
Note that tools.jar was removed in Java 9, so you can't add it; the doc needs
an amendment.
4) Start Tomcat with the Security Manager enabled using Java 11
5) Access localhost:8080/, which gets you the default ROOT/index.jsp and an HTTP
Status of 500 with a stack trace and AccessControlException

I fixed the issue in their testing environment by adding the code block
mentioned in the comments of
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8210274 to their
security policy. I'm not the best with Java security, so I thought I'd open an
issue here and see if anyone has better or simpler ideas on how to make vanilla
Tomcat with Ant to compile JSPs work out of the box like it does with ECJ.
