https://issues.apache.org/bugzilla/show_bug.cgi?id=55446
Bug ID: 55446
Summary: static final boolean
org.apache.jasper.Constants.IS_SECURITY_ENABLED
results in erroneous state when security is enabled
dynamically
Product: Tomcat 7
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: raymond.a...@liferay.com
1) start app server normally (no security)
2) assuming any normal webapp is initialized, a JspRuntimeContext will be
created and at first invocation
Constants.IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
is evaluated.
3) deploy some later component (ie. a webapp) which does:
System.setSecurityManager(new SecurityManager());
4) from that point, all Jasper code will provide the incorrect security state,
app server wide
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
