You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@beehive.apache.org by "Chad Schoettger (JIRA)" <de...@beehive.apache.org> on 2005/10/07 18:13:49 UTC

[jira] Assigned: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager

     [ http://issues.apache.org/jira/browse/BEEHIVE-815?page=all ]

Chad Schoettger reassigned BEEHIVE-815:
---------------------------------------

    Assign To: Chad Schoettger

> Nested controls: cannot initialize a public control field when using a Java security manager
> --------------------------------------------------------------------------------------------
>
>          Key: BEEHIVE-815
>          URL: http://issues.apache.org/jira/browse/BEEHIVE-815
>      Project: Beehive
>         Type: Bug
>   Components: Controls
>     Versions: v1m1
>     Reporter: Rich Feit
>     Assignee: Chad Schoettger
>  Attachments: jira815.zip
>
> This bug involves using a *public* @Control field, which should be possible even if "suppressAccessChecks" is not set in the security policy.
> Repro (the easiest way to reproduce this):
>     - cd to $CATALINA_HOME/bin.
>     - create a file called mysecurity.policy (and REPLACE my c:/prog/... tomcat/jdk directories with ones of your own):
>        ---
>        grant codeBase "file:///c:/prog/jakarta-tomcat-5.0.25/-"{
>        permission java.security.AllPermission;
>        };
>        grant codeBase "file:///c:/prog/jdk1.5.0/-"{
>        permission java.security.AllPermission;
>        };
>        grant {
>        permission java.util.PropertyPermission "*", "read";
>        permission java.lang.RuntimePermission "accessDeclaredMembers";
>        };
>        ---
>     - set the JAVA_OPTS environment variable:
>         (windows) set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=mysecurity.policy
>         (linux) export JAVA_OPTS="-Djava.security.manager -Djava.security.policy=mysecurity.policy"
>     - start tomcat:
>         (windows) .\startup.bat
>         (linux) ./startup.sh 
>     - Overlay the attached page flow and controls onto a webapp, and deploy it to the running tomcat.
>     - Hit the page flow (/usecontrol/Controller.jpf):
> EXPECTED: see the message "hello there" in the displayed page.
> ACTUAL: a series of exceptions, with this root cause:
> Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>         at java.security.AccessController.checkPermission(AccessController.java:427)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>         at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
>         at usecontrol.ControllerClientInitializer.<clinit>(ControllerClientInitializer.java:21)
>         ... 85 more

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira