Re: securityManager in JasperLoader.java
Jean-Francois Arcand wrote:
> Hi Jean-Frederic,
>
> the current source has:

Right:
+++
[EMAIL PROTECTED]:~/jakarta-tomcat-jasper more CVS/Tag
Ttomcat_4_branch
+++
Should I port back the correction to the tomcat_4_branch?

Cheers

Jean-Frederic

>     int dot = name.lastIndexOf('.');
>     if (securityManager != null) {
>         if (dot >= 0) {
>             try {
>                 // Do not call the security manager since by default, we grant that package.
>                 if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){
>                     securityManager.checkPackageAccess(name.substring(0,dot));
>                 }
>             } catch (SecurityException se) {
>
> which is the correct way, although int dot = name.lastIndexOf('.'); should be moved to be inside the if, because dot is not used outside of it.

Done :-)

> Thanks,
>
> -- Jeanfrancois
>
> jean-frederic clere wrote:
>> Hi,
>>
>> One of my colleagues has problems in JasperLoader.java: The System.getSecurityManager() is null when creating the class but not null later on.
>>
>> Why do we have the following code? (from jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java):
>> +++
>> if (System.getSecurityManager() != null) {
>>     if (dot >= 0) {
>>         try {
>>             securityManager.checkPackageAccess(name.substring(0,dot));
>>         } catch (SecurityException se) {
>>             String error = "Security Violation, attempt to use " +
>>                 "Restricted Class: " + name;
>>             System.out.println(error);
>>             throw new ClassNotFoundException(error);
>>         }
>>     }
>> }
>> +++
>> We test System.getSecurityManager() but use securityManager!
>>
>> Cheers
>>
>> Jean-Frederic

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
securityManager in JasperLoader.java
Hi,

One of my colleagues has problems in JasperLoader.java: The System.getSecurityManager() is null when creating the class but not null later on.

Why do we have the following code? (from jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java):
+++
if (System.getSecurityManager() != null) {
    if (dot >= 0) {
        try {
            securityManager.checkPackageAccess(name.substring(0,dot));
        } catch (SecurityException se) {
            String error = "Security Violation, attempt to use " +
                "Restricted Class: " + name;
            System.out.println(error);
            throw new ClassNotFoundException(error);
        }
    }
}
+++
We test System.getSecurityManager() but use securityManager!

Cheers

Jean-Frederic
Re: securityManager in JasperLoader.java
Hi Jean-Frederic,

the current source has:

    int dot = name.lastIndexOf('.');
    if (securityManager != null) {
        if (dot >= 0) {
            try {
                // Do not call the security manager since by default, we grant that package.
                if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){
                    securityManager.checkPackageAccess(name.substring(0,dot));
                }
            } catch (SecurityException se) {

which is the correct way, although int dot = name.lastIndexOf('.'); should be moved to be inside the if, because dot is not used outside of it.

Thanks,

-- Jeanfrancois

jean-frederic clere wrote:
> Hi,
>
> One of my colleagues has problems in JasperLoader.java: The System.getSecurityManager() is null when creating the class but not null later on.
>
> Why do we have the following code? (from jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java):
> +++
> if (System.getSecurityManager() != null) {
>     if (dot >= 0) {
>         try {
>             securityManager.checkPackageAccess(name.substring(0,dot));
>         } catch (SecurityException se) {
>             String error = "Security Violation, attempt to use " +
>                 "Restricted Class: " + name;
>             System.out.println(error);
>             throw new ClassNotFoundException(error);
>         }
>     }
> }
> +++
> We test System.getSecurityManager() but use securityManager!
>
> Cheers
>
> Jean-Frederic
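
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a loader caches the security manager in a field at construction, and the two guard styles are run against a manager installed afterwards. `PackageGuard`, `Host`, `Loader` and the `internal.` package rule are hypothetical stand-ins for `SecurityManager`, `System.getSecurityManager()` and the JSP class loader.

```java
// Added illustration, not Tomcat code. PackageGuard and Host are hypothetical
// stand-ins for SecurityManager and System.getSecurityManager().
public class GuardMismatchDemo {
    interface PackageGuard { void checkPackageAccess(String pkg); }
    static final class Host { static volatile PackageGuard current; }

    static class Loader {
        // Captured once at construction, like the securityManager field.
        private final PackageGuard securityManager = Host.current;

        // Pattern from the first message: test the live value, use the field.
        String checkMismatched(String name) {
            int dot = name.lastIndexOf('.');
            if (Host.current != null && dot >= 0) {
                securityManager.checkPackageAccess(name.substring(0, dot));
                return "checked";
            }
            return "skipped";
        }

        // Pattern from the reply: test and use the same field.
        String checkConsistent(String name) {
            int dot = name.lastIndexOf('.');
            if (securityManager != null && dot >= 0) {
                securityManager.checkPackageAccess(name.substring(0, dot));
                return "checked";
            }
            return "skipped";
        }
    }

    public static void main(String[] args) {
        Loader early = new Loader();      // built before any guard exists
        Host.current = pkg -> {           // guard installed afterwards (constructed rule)
            if (pkg.startsWith("internal.")) throw new SecurityException(pkg);
        };
        try {
            early.checkMismatched("internal.impl.Secret");
        } catch (NullPointerException e) {
            System.out.println("mismatched: NullPointerException, field is null");
        }
        // No crash here, but this loader performs no package check at all.
        System.out.println("consistent, early: " + early.checkConsistent("internal.impl.Secret"));
        try {
            new Loader().checkConsistent("internal.impl.Secret"); // built after install
        } catch (SecurityException e) {
            System.out.println("consistent, late loader: denied " + e.getMessage());
        }
    }
}
```

Testing and using the same field removes the null dereference, but a loader created before the manager is installed still skips the package check for its whole lifetime.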