MyFaces is a project staffed by volunteers. While things are normally fixed rather quickly, it all depends on the various individuals involved with that particular area and their available free time.
One thing that would greatly speed up the process is if you were to submit a unified diff patch fixing the problem. On Wed, Mar 30, 2016 at 11:28 AM, Neil Richards <neilricha...@iname.com> wrote: > Hi, > > As you can imagine this has become a bit of a showstopper for me. I've added > a bug report but as yet it has not been assigned or commented on etc. Just > wondering how long these issues take to fix? Assume we're talking months? > Need to have some idea to determine how to move forward. > > Many thanks, > Neil > > -----Original Message----- > From: Werner Punz [mailto:werner.p...@gmail.com] > Sent: 04 March 2016 07:36 > To: users@myfaces.apache.org > Subject: Re: FW: Tomcat Security Exceptions on deployment of example war > (reformatted) > > Hi this is clearly a bug. > Can you please put a bugreport on > > https://issues.apache.org/jira/browse/MYFACES > > Werner > > > > Am 02.03.16 um 23:12 schrieb Neil Richards: >> Hi, >> >> I've been having trouble deploying my MyFaces(2.2.9) app on Tomcat 8 >> with the security manager enabled, so I then tried deploying the >> myfaces-example-simple-1.1.14.war and had the same problem. I need the >> security manager enabled as I am deploying in production on a shared > Tomcat >> instance and the hosts will not allow the RuntimePermissions on >> org.apache.catalina.core, org.apache.catalina.servlets or >> org.apache.jasper.compiler. These are the stack traces I get: >> >> 02-Mar-2016 22:08:54.902 INFO [localhost-startStop-1] >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security >> Violation, attempt to use Re stricted Class: >> org.apache.catalina.servlets.DefaultServlet >> java.security.AccessControlException: access denied >> ("java.lang.RuntimePermission" >> "accessClassInPackage.org.apache.catalina.servlets") >> at >> java.security.AccessControlContext.checkPermission(AccessControlContex >> t.java >> :472) >> at >> java.security.AccessController.checkPermission(AccessController.java:884) >> at >> java.lang.SecurityManager.checkPermission(SecurityManager.java:549) >> at >> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) >> at >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass >> Loader >> Base.java:1243) >> at >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass >> Loader >> Base.java:1142) >> at java.lang.Class.forName0(Native Method) >> at java.lang.Class.forName(Class.java:264) >> at >> org.apache.myfaces.ee6.MyFacesContainerInitializer.isDelegatedFacesSer >> vlet(M >> yFacesContainerInitializer.java:280) >> at >> org.apache.myfaces.ee6.MyFacesContainerInitializer.onStartup(MyFacesCo >> ntaine >> rInitializer.java:150) >> at >> > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java: >> 5244) >> at >> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) >> at >> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase. >> java:7 >> 25) >> at >> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) >> at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. >> java:153) >> at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. >> java:143) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) >> at >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) >> at >> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) >> at >> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) >> at >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j >> ava:11 >> 42) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor. >> java:6 >> 17) >> at java.lang.Thread.run(Thread.java:745) >> >> 02-Mar-2016 22:08:59.435 INFO [localhost-startStop-1] >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security >> Violation, attempt to use Re stricted Class: >> org.apache.jasper.compiler.JspRuntimeContext >> java.security.AccessControlException: access denied >> ("java.lang.RuntimePermission" >> "accessClassInPackage.org.apache.jasper.compiler") >> at >> java.security.AccessControlContext.checkPermission(AccessControlContex >> t.java >> :472) >> at >> java.security.AccessController.checkPermission(AccessController.java:884) >> at >> java.lang.SecurityManager.checkPermission(SecurityManager.java:549) >> at >> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) >> at >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass >> Loader >> Base.java:1243) >> at >> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass >> Loader >> Base.java:1142) >> at java.lang.Class.forName0(Native Method) >> at java.lang.Class.forName(Class.java:264) >> at >> org.apache.myfaces.webapp.Jsp21FacesInitializer.getJspFactory(Jsp21Fac >> esInit >> ializer.java:88) >> at >> org.apache.myfaces.webapp.Jsp21FacesInitializer.initContainerIntegrati >> on(Jsp >> 21FacesInitializer.java:62) >> at >> org.apache.myfaces.webapp.AbstractFacesInitializer.initFaces(AbstractF >> acesIn >> itializer.java:172) >> at >> org.apache.myfaces.webapp.StartupServletContextListener.contextInitial >> ized(S >> tartupServletContextListener.java:121) >> at >> > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java: >> 4810) >> at >> > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java: >> 5255) >> at >> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) >> at >> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase. >> java:7 >> 25) >> at >> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) >> at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. >> java:153) >> at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. >> java:143) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) >> at >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) >> at >> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) >> at >> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) >> at >> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j >> ava:11 >> 42) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor. >> java:6 >> 17) >> at java.lang.Thread.run(Thread.java:745) >> >> I previously had a 2.1.9 version running on Tomcat 6 without any problems. >> Is it true that now MyFaces cannot be deployed in these circumstances? >> If not, can anyone tell me how I can overcome these problems? >> >> Many thanks, >> Neil >> >> >> > > >
