[jboss-jira] [JBoss JIRA] (WFLY-4864) JSP in web application doesn't get VFS-based security permissions
Kabir Khan (JIRA)
issues at jboss.org
Wed Dec 6 11:21:28 EST 2017
[ https://issues.jboss.org/browse/WFLY-4864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kabir Khan closed WFLY-4864.
----------------------------
> JSP in web application doesn't get VFS-based security permissions
> -----------------------------------------------------------------
>
> Key: WFLY-4864
> URL: https://issues.jboss.org/browse/WFLY-4864
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.0.0.Alpha4
> Reporter: Bartosz Spyrko-Śmietanko
> Assignee: Tomaz Cerar
> Fix For: 10.0.0.Alpha6
>
> Attachments: read-props.war, security.policy
>
>
> Permissions granted to web applications (using vfs:/... codebase) are not available in JSPs.
> After deploying the test app, a call to http://localhost:8080/read-props/ gives following error:
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.util.PropertyPermission" "java.home" "read")" in code source "(file:/Users/spyrkob/workspaces/set/servers/wildfly-10.x/wildfly-10.0.0.Alpha5-SNAPSHOT/standalone/tmp/read-props.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader at 3cae09bb")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:270)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPropertyAccess(WildFlySecurityManager.java:493)
> at java.lang.System.getProperty(System.java:714)
> at org.apache.jsp.index_jsp._jspService(index_jsp.java:95)
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> ... 33 more
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list