DO NOT REPLY [Bug 36271] New: - response.sendRedirect() needs additional Permissions

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36271>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36271

           Summary: response.sendRedirect() needs additional Permissions
           Product: Tomcat 5
           Version: 5.5.9
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]


Running tomcat with security manager 'response.sendRedirect("some address")'
will cause following exception:

java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.net)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at 
java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at 
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
        at org.apache.catalina.connector.Response.hasScheme(Response.java:1504)
        at org.apache.catalina.connector.Response.toAbsolute(Response.java:1431)
        at 
org.apache.catalina.connector.Response.sendRedirect(Response.java:1205)
        at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:428)
...

To work properly you have to add
"accessClassInPackage.org.apache.tomcat.util.net" RuntimePermission.
Using the core servlet api should not require that internal tomcat packages have
to be exposed to the webapp.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]