Hello! Thanks for all help guys!
The permissions worked perfectly, really interesting. I then guess that you agree with me that if it is possible (if you got permissions to add permissions) to set the permissions like this instead of the OgnlRuntime.setSecurityManager(null); Do you agree with me? Best regards Fredrik > From: lukaszlen...@apache.org > Date: Tue, 26 Nov 2013 22:35:53 +0100 > Subject: Re: Will I get sideeffects with: > OgnlRuntime.setSecurityManager(null); > To: user@struts.apache.org > > This should help [1] and you must add these (I cannot find the correct > link with exact example for Struts2) > > permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; > permission java.lang.RuntimePermission "*"; > permission ognl.OgnlInvokePermission "*"; > > [1] > https://confluence.atlassian.com/display/CONF29/Java+Policy+Security+with+Confluence > > > Regards > > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > > 2013/11/26 Fredrik Andersson <fredan...@hotmail.com>: > > Hello! > > > > (Hope this is the correct forum for this question) > > > > > > > > I get this error in my hello-world-struts2-webapp when I run it in my > > tomcat with the catalina.policy. > > > > (Btw my catalina.policy is edited a bit to match my production env: > > http://pastie.org/8510824) > > > > > > > > /-- Encapsulated exception ------------\ > > java.lang.IllegalAccessException: Method [public void > > se.mycompany.web.actions.WelcomeUserAction.setUsername(java.lang.String)] > > cannot be accessed. > > at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:838) > > at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1280) > > > > > > > > > > I found this solution: > > > > https://groups.google.com/forum/#!msg/google-appengine-java/GQGLAxfyeBc/1NIfi8duNCEJ > > > > > > > > It suggest that a listener does: > > > > OgnlRuntime.setSecurityManager(null); > > > > > > > > In the doc for OgnlRuntime it says: > > > > Sets the SecurityManager that OGNL uses to determine permissions for > > invoking methods. > > > > > > > > But is this really a correct solution to set it to null? > > > > To me it doesn't sound good to have the securitymanager set to null, what > > security holes does that create? > > > > > > > > Could this be solved with some extra grants in the catalina.policy-file > > instead? > > > > > > > > > > > > Best regards > > > > Fredrik > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
