[jboss-jira] [JBoss JIRA] (AS7-6684) Jasper using wrong ProtectionDomain for compiled JSP
Remy Maucherat (JIRA)
jira-events at lists.jboss.org
Fri Mar 8 09:16:43 EST 2013
[ https://issues.jboss.org/browse/AS7-6684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12759766#comment-12759766 ]
Remy Maucherat commented on AS7-6684:
-------------------------------------
JSPs have certain features, which need certain permissions to operate, which is why these permissions are added in the policy. So I don't quite understand what you're saying.
(BTW, the Jasper source is also in git https://github.com/undertow-io/jaspertow )
> Jasper using wrong ProtectionDomain for compiled JSP
> ----------------------------------------------------
>
> Key: AS7-6684
> URL: https://issues.jboss.org/browse/AS7-6684
> Project: Application Server 7
> Issue Type: Bug
> Components: Web
> Reporter: David Lloyd
> Assignee: Remy Maucherat
> Fix For: 8.0.0.Alpha1
>
>
> Compiled JSPs loaded via JasperLoader appear to be using a different ProtectionDomain than the rest of the WAR deployment. I think it should probably be using a PD which contains the permissions from the deployment's ClassLoader, and probably the CodeSource from the deployment unit from which the JSP file originated. This will ensure that permissions set via deployment descriptor and/or the management model will take proper effect.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list