[
https://issues.apache.org/jira/browse/IVY-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeffrey Sinclair updated IVY-1015:
----------------------------------
Description:
When configuring Ivy through IvySettings, a call to System.getProperties() is
made.
System property calls are typically disabled through the security manager in
shared web containers which results in the following stack trace:
java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
java.security.AccessController.checkPermission(AccessController.java:546)
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
java.lang.System.getProperties(System.java:582)
org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)
Since there is no out-of-the-box workaround, Ivy cannot be used in such an
environment.
Ivy could be made more web app friendly by providing a flag to disable System
property lookups.
It would be useful to configure this flag through API on the IvySettings class.
Any other usage of system properties outside of the IvySettings file should
also be controllable.
was:
When configuring Ivy through IvySettings, a call to System.getProperties() is
made.
System property calls are typically disabled through the security manager in
shared web containers which results in the following stack trace:
java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
java.security.AccessController.checkPermission(AccessController.java:546)
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
java.lang.System.getProperties(System.java:582)
org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)
Since there is no out-of-the-box workaround, Ivy cannot be used in such an
environment.
Ivy could be made more web app friendly by providing a flag to disable System
property lookups.
It would be useful to configure this flag both through an ivy-settings xml file
as well as through programmatic API on the IvySettings class.
Any other usage of system properties outside of the IvySettings file should
also be controllable.
> Flag to disable System property lookups by Ivy
> ----------------------------------------------
>
> Key: IVY-1015
> URL: https://issues.apache.org/jira/browse/IVY-1015
> Project: Ivy
> Issue Type: New Feature
> Affects Versions: 1.0, 1.1, 1.2, 1.3, 1.3.1, 1.4, 1.4.1, 2.0.0-alpha-1,
> 2.0.0-alpha-2, 2.0.0-beta-1, 2.0.0-beta-2, 2.0-RC1, 2.0-RC2, 2.0
> Reporter: Jeffrey Sinclair
> Fix For: 2.0.x
>
>
> When configuring Ivy through IvySettings, a call to System.getProperties() is
> made.
> System property calls are typically disabled through the security manager in
> shared web containers which results in the following stack trace:
> java.security.AccessControlException: access denied
> (java.util.PropertyPermission * read,write)
>
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>
> java.security.AccessController.checkPermission(AccessController.java:546)
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
> java.lang.System.getProperties(System.java:582)
>
> org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
> org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
> org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)
> Since there is no out-of-the-box workaround, Ivy cannot be used in such an
> environment.
> Ivy could be made more web app friendly by providing a flag to disable System
> property lookups.
> It would be useful to configure this flag through API on the IvySettings
> class.
> Any other usage of system properties outside of the IvySettings file should
> also be controllable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
