[
https://issues.apache.org/struts/browse/WW-2857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45376#action_45376
]
Eddy Chan commented on WW-2857:
-------------------------------
Looking at the code and the notes from WW-1368, you will notice that it is
attempting to read the properties from the file system first, and if not found,
then an attempt is made to read from the classpath. This means that the file
system search is allowed to fail, and subsequently, it should be located from
the classpath. However, this will not happen if a SecurityException occurs,
which can happen without a grant. Thus, the SecurityException should be caught.
> SecurityException accessing theme.properites
> --------------------------------------------
>
> Key: WW-2857
> URL: https://issues.apache.org/struts/browse/WW-2857
> Project: Struts 2
> Issue Type: Bug
> Reporter: Eddy Chan
> Fix For: 2.1.3
>
>
> With WW-1368 (https://issues.apache.org/struts/browse/WW-1368), a bug is
> introduced when security is enabled as the file system path for the
> theme.properties file may not be within the webapp and thus, requires a
> FilePermission to access the invalid path. Therefore, there needs to be a
> catch for a SecurityException. The method of the call is in
> org.apache.struts2.components.template.BaseTemplateEngine.getThemeProps(Template)
> and the call is propFile.exists().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
