[jboss-jira] [JBoss JIRA] (WFLY-84) Jasper using wrong ProtectionDomain for compiled JSP
RH Bugzilla Integration (JIRA)
issues at jboss.org
Fri May 16 05:37:56 EDT 2014
[ https://issues.jboss.org/browse/WFLY-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated WFLY-84:
----------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1075100, https://bugzilla.redhat.com/show_bug.cgi?id=1075083 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1075100)
> Jasper using wrong ProtectionDomain for compiled JSP
> ----------------------------------------------------
>
> Key: WFLY-84
> URL: https://issues.jboss.org/browse/WFLY-84
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Reporter: David Lloyd
> Assignee: Remy Maucherat
> Fix For: 8.1.0.Final
>
>
> Compiled JSPs loaded via JasperLoader appear to be using a different ProtectionDomain than the rest of the WAR deployment. I think it should probably be using a PD which contains the permissions from the deployment's ClassLoader, and probably the CodeSource from the deployment unit from which the JSP file originated. This will ensure that permissions set via deployment descriptor and/or the management model will take proper effect.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
More information about the jboss-jira
mailing list