Jasper using wrong ProtectionDomain for compiled JSP ---------------------------------------------------- Key: WFLY-84 URL: https://issues.jboss.org/browse/WFLY-84 Project: WildFly Issue Type: Bug Security Level: Public(Everyone can see) Components: Web (JBoss Web) Reporter: David Lloyd Assignee: Remy Maucherat Fix For: 8.0.0.CR1 Compiled JSPs loaded via JasperLoader appear to be using a different ProtectionDomain than the rest of the WAR deployment. I think it should probably be using a PD which contains the permissions from the deployment's ClassLoader, and probably the CodeSource from the deployment unit from which the JSP file originated. This will ensure that permissions set via deployment descriptor and/or the management model will take proper effect.