[jboss-jira] [JBoss JIRA] (WFLY-84) Jasper using wrong ProtectionDomain for compiled JSP
RH Bugzilla Integration (JIRA)
issues at jboss.org
Tue Sep 29 08:34:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated WFLY-84:
----------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1075100, https://bugzilla.redhat.com/show_bug.cgi?id=1075083, https://bugzilla.redhat.com/show_bug.cgi?id=1267240 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1075100, https://bugzilla.redhat.com/show_bug.cgi?id=1075083)
> Jasper using wrong ProtectionDomain for compiled JSP
> ----------------------------------------------------
>
> Key: WFLY-84
> URL: https://issues.jboss.org/browse/WFLY-84
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: David Lloyd
> Assignee: Stuart Douglas
> Priority: Blocker
> Fix For: 9.0.0.Beta1
>
>
> Compiled JSPs loaded via JasperLoader appear to be using a different ProtectionDomain than the rest of the WAR deployment. I think it should probably be using a PD which contains the permissions from the deployment's ClassLoader, and probably the CodeSource from the deployment unit from which the JSP file originated. This will ensure that permissions set via deployment descriptor and/or the management model will take proper effect.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list