[jboss-jira] [JBoss JIRA] (WFLY-4864) JSP in web application doesn't get VFS-based security permissions

Tomaz Cerar (JIRA) issues at jboss.org
Thu Jul 2 16:53:02 EDT 2015 

    [ https://issues.jboss.org/browse/WFLY-4864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13086074#comment-13086074 ] 

Tomaz Cerar commented on WFLY-4864:
-----------------------------------

This was re-introduced as part of jastow rebase. 
Thank you for test case as it will make sure it doesn't happen again. 

> JSP in web application doesn't get VFS-based security permissions
> -----------------------------------------------------------------
>
>                 Key: WFLY-4864
>                 URL: https://issues.jboss.org/browse/WFLY-4864
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 10.0.0.Alpha4
>            Reporter: Bartosz Spyrko-Śmietanko
>            Assignee: Tomaz Cerar
>         Attachments: read-props.war, security.policy
>
>
> Permissions granted to web applications (using vfs:/... codebase) are not available in JSPs.
> After deploying the test app, a call to http://localhost:8080/read-props/ gives following error:
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.util.PropertyPermission" "java.home" "read")" in code source "(file:/Users/spyrkob/workspaces/set/servers/wildfly-10.x/wildfly-10.0.0.Alpha5-SNAPSHOT/standalone/tmp/read-props.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader at 3cae09bb")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:270)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPropertyAccess(WildFlySecurityManager.java:493)
> 	at java.lang.System.getProperty(System.java:714)
> 	at org.apache.jsp.index_jsp._jspService(index_jsp.java:95)
> 	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> 	... 33 more



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

More information about the jboss-jira mailing list