You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@commons.apache.org by co...@jakarta.apache.org on 2004/08/12 09:37:19 UTC

[jira] Closed: (JELLY-90) SecurityException when using Jelly in applet or JAWS sandbox

Message:

   The following issue has been closed.

   Resolver: dion gillard
       Date: Thu, 12 Aug 2004 12:36 AM

Done before
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JELLY-90

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JELLY-90
    Summary: SecurityException when using Jelly in applet or JAWS sandbox
       Type: Bug

     Status: Closed
   Priority: Major
 Resolution: FIXED

    Project: jelly
 Components: 
             core / taglib.core
   Fix Fors:
             1.0-beta-4

   Assignee: 
   Reporter: Scott Howlett

    Created: Mon, 6 Oct 2003 11:32 AM
    Updated: Thu, 12 Aug 2004 12:36 AM

Description:
Using Jelly in a sandboxed Java Web Start application or an applet raises a SecurityException because a JellyContext calls system.getProperties() when it is initialized to set up the "systemScope" context variable.

Placing that statement inside a try / catch block that swallows the SecurityException solves the problem for me.

Of course this means that "systemScope" is unavailable in these contexts, but that seems to be a fair compromise, especially since findVariable() does a System.getProperty() as a last resort anyway (and this one *is* properly encased in a block that catches SecurityException).

The relevant bit of code is JellyContext.init:

    private void init() {
        variables.put("context", this);
        try {
            variables.put("systemScope", System.getProperties());
        }
        catch (SecurityException e) {
            // ignore security exceptions
        }
    }    



---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org