You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Sebb (Closed) (JIRA)" <ji...@apache.org> on 2011/12/14 10:30:31 UTC
[jira] [Closed] (JEXL-120) Make ParseException work in sandboxed
environment
[ https://issues.apache.org/jira/browse/JEXL-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb closed JEXL-120.
---------------------
> Make ParseException work in sandboxed environment
> -------------------------------------------------
>
> Key: JEXL-120
> URL: https://issues.apache.org/jira/browse/JEXL-120
> Project: Commons JEXL
> Issue Type: Improvement
> Affects Versions: 2.0.1
> Reporter: Lukas Krecan
> Assignee: Henri Biestro
> Fix For: 2.1
>
>
> We execute JEXL expressions in sandboxed environment (using Java policy mechanism). When the expression is incorrect, the {{org.apache.commons.jexl2.parser.ParseException}} is thrown. Unfortunately it tries to access {{System.getProperty("line.separator", "\n")}} which fails if access to system property is not allowed.
> {code}
> java.security.AccessControlException: access denied (java.util.PropertyPermission line.separator read)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> at java.security.AccessController.checkPermission(AccessController.java:546)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
> at java.lang.System.getProperty(System.java:686)
> at org.apache.commons.jexl2.parser.ParseException.initialise(ParseException.java:91)
> at org.apache.commons.jexl2.parser.ParseException.<init>(ParseException.java:34)
> at org.apache.commons.jexl2.parser.Parser.generateParseException(Parser.java:3601)
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira