You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by "Jeffrey Sinclair (JIRA)" <ji...@apache.org> on 2009/01/24 23:13:59 UTC

[jira] Updated: (IVY-1015) Flag to disable System property lookups by Ivy

     [ https://issues.apache.org/jira/browse/IVY-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeffrey Sinclair updated IVY-1015:
----------------------------------

    Description: 
When configuring Ivy through IvySettings, a call to System.getProperties() is made. 

System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:

java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
        java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        java.security.AccessController.checkPermission(AccessController.java:546)
        java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
        java.lang.System.getProperties(System.java:582)
        org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
        org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
        org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)

Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.

Ivy could be made more web app friendly by providing a flag to disable System property lookups. 

It would be useful to configure this flag through API on the IvySettings class.

Any other usage of system properties outside of the IvySettings file should also be controllable.

  was:
When configuring Ivy through IvySettings, a call to System.getProperties() is made. 

System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:

java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
        java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        java.security.AccessController.checkPermission(AccessController.java:546)
        java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
        java.lang.System.getProperties(System.java:582)
        org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
        org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
        org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)

Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.

Ivy could be made more web app friendly by providing a flag to disable System property lookups. 

It would be useful to configure this flag both through an ivy-settings xml file as well as through programmatic API on the IvySettings class.

Any other usage of system properties outside of the IvySettings file should also be controllable.


> Flag to disable System property lookups by Ivy
> ----------------------------------------------
>
>                 Key: IVY-1015
>                 URL: https://issues.apache.org/jira/browse/IVY-1015
>             Project: Ivy
>          Issue Type: New Feature
>    Affects Versions: 1.0, 1.1, 1.2, 1.3, 1.3.1, 1.4, 1.4.1, 2.0.0-alpha-1, 2.0.0-alpha-2, 2.0.0-beta-1, 2.0.0-beta-2, 2.0-RC1, 2.0-RC2, 2.0
>            Reporter: Jeffrey Sinclair
>             Fix For: 2.0.x
>
>
> When configuring Ivy through IvySettings, a call to System.getProperties() is made. 
> System property calls are typically disabled through the security manager in shared web containers which results in the following stack trace:
> java.security.AccessControlException: access denied
> (java.util.PropertyPermission * read,write)
>         java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>         java.security.AccessController.checkPermission(AccessController.java:546)
>         java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>         java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
>         java.lang.System.getProperties(System.java:582)
>         org.apache.ivy.core.settings.IvySettings.addSystemProperties(IvySettings.java:294)
>         org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:290)
>         org.apache.ivy.core.settings.IvySettings.<init>(IvySettings.java:212)
> Since there is no out-of-the-box workaround, Ivy cannot be used in such an environment.
> Ivy could be made more web app friendly by providing a flag to disable System property lookups. 
> It would be useful to configure this flag through API on the IvySettings class.
> Any other usage of system properties outside of the IvySettings file should also be controllable.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.