Re: securityManager in JasperLoader.java

2003-07-30 Thread jean-frederic clere
Jean-Francois Arcand wrote:
Hi Jean-Frederic,

the current source has:
Right:
+++
[EMAIL PROTECTED]:~/jakarta-tomcat-jasper  more CVS/Tag
Ttomcat_4_branch
+++
Should I port back the correction to the tomcat_4_branch?
Cheers

Jean-Frederic

   int dot = name.lastIndexOf('.');
   if (securityManager != null) {
       if (dot >= 0) {
           try {
               // Do not call the security manager since by default, we grant that package.
               if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){
                   securityManager.checkPackageAccess(name.substring(0,dot));
               }
           } catch (SecurityException se) {

which is the correct way, although

int dot = name.lastIndexOf('.');

should be moved to be inside the if, because dot is not used outside 
of it.
Done :-)

Thanks,

-- Jeanfrancois

jean-frederic clere wrote:

Hi,

One of my colleagues has problems in JasperLoader.java: The 
System.getSecurityManager() is null when creating the class but not 
null later on.

Why do we have the following code? (from 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java): 

+++
if (System.getSecurityManager() != null) {
    if (dot >= 0) {
        try {
            securityManager.checkPackageAccess(name.substring(0,dot));
        } catch (SecurityException se) {
            String error = "Security Violation, attempt to use " +
                "Restricted Class: " + name;
            System.out.println(error);
            throw new ClassNotFoundException(error);
        }
    }
}
+++
We test System.getSecurityManager() but use securityManager!

Cheers

Jean-Frederic

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





securityManager in JasperLoader.java

2003-07-29 Thread jean-frederic clere
Hi,

One of my colleagues has problems in JasperLoader.java: The 
System.getSecurityManager() is null when creating the class but not null later on.

Why do we have the following code? (from 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java):
+++
if (System.getSecurityManager() != null) {
    if (dot >= 0) {
        try {
            securityManager.checkPackageAccess(name.substring(0,dot));
        } catch (SecurityException se) {
            String error = "Security Violation, attempt to use " +
                "Restricted Class: " + name;
            System.out.println(error);
            throw new ClassNotFoundException(error);
        }
    }
}
+++
We test System.getSecurityManager() but use securityManager!

Cheers

Jean-Frederic



Re: securityManager in JasperLoader.java

2003-07-29 Thread Jean-Francois Arcand
Hi Jean-Frederic,

the current source has:

   int dot = name.lastIndexOf('.');
   if (securityManager != null) {
       if (dot >= 0) {
           try {
               // Do not call the security manager since by default, we grant that package.
               if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){
                   securityManager.checkPackageAccess(name.substring(0,dot));
               }
           } catch (SecurityException se) {

which is the correct way, although

int dot = name.lastIndexOf('.');

should be moved to be inside the if, because dot is not used outside 
of it.

Thanks,

-- Jeanfrancois

jean-frederic clere wrote:

Hi,

One of my colleagues has problems in JasperLoader.java: The 
System.getSecurityManager() is null when creating the class but not 
null later on.

Why do we have the following code? (from 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JasperLoader.java): 

+++
if (System.getSecurityManager() != null) {
    if (dot >= 0) {
        try {
            securityManager.checkPackageAccess(name.substring(0,dot));
        } catch (SecurityException se) {
            String error = "Security Violation, attempt to use " +
                "Restricted Class: " + name;
            System.out.println(error);
            throw new ClassNotFoundException(error);
        }
    }
}
+++
We test System.getSecurityManager() but use securityManager!

Cheers

Jean-Frederic
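
The mismatch discussed in this thread, as an added illustration that is not code from the posts or from Tomcat: a guard that is tested through one reference and called through another fails with a NullPointerException when it is installed after the loader is constructed. `PackageGuard`, `installed` and the class names are hypothetical stand-ins for `SecurityManager` and `System.getSecurityManager()`, so the demo runs on JDKs where a security manager can no longer be installed. The consistent variant reads the live value into a local, which is one option and differs from the current source quoted above, which tests and uses the field.

```java
// Added illustration, not Tomcat code. PackageGuard and `installed` are
// hypothetical stand-ins for SecurityManager and System.getSecurityManager().
public class GuardMismatchDemo {
    interface PackageGuard { void checkPackageAccess(String pkg); }

    static volatile PackageGuard installed = null; // null until a guard is installed

    static class Loader {
        // Captured once at construction, like the securityManager field.
        private final PackageGuard cached = installed;

        // Pattern from the question: test the live value, call through the field.
        void checkMismatched(String name) {
            int dot = name.lastIndexOf('.');
            if (installed != null && dot >= 0) {
                cached.checkPackageAccess(name.substring(0, dot)); // NPE when cached == null
            }
        }

        // Test and use the same reference, read once into a local.
        void checkConsistent(String name) throws ClassNotFoundException {
            PackageGuard guard = installed;
            int dot = name.lastIndexOf('.');
            if (guard == null || dot < 0) return;
            try {
                guard.checkPackageAccess(name.substring(0, dot));
            } catch (SecurityException se) {
                throw new ClassNotFoundException(
                    "Security Violation, attempt to use Restricted Class: " + name);
            }
        }
    }
    public static void main(String[] args) {
        Loader loader = new Loader();   // constructed before any guard exists
        installed = pkg -> {            // constructed sample policy, installed later
            if (pkg.startsWith("restricted.")) throw new SecurityException(pkg);
        };
        try {
            loader.checkMismatched("restricted.internal.Secret");
        } catch (NullPointerException npe) {
            System.out.println("mismatched: NullPointerException, no security decision made");
        }
        try {
            loader.checkConsistent("restricted.internal.Secret");
        } catch (ClassNotFoundException cnfe) {
            System.out.println("consistent: " + cnfe.getMessage());
        }
    }
}
```

Testing and using only the cached field avoids the NullPointerException as well, but a guard installed after construction is then never consulted by that loader instance.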
