You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/03/07 16:21:48 UTC
[Bug 57673] New: AccessControlException accessing
org.apache.taglibs.standard.xml.accessExternalEntity
https://bz.apache.org/bugzilla/show_bug.cgi?id=57673
Bug ID: 57673
Summary: AccessControlException accessing
org.apache.taglibs.standard.xml.accessExternalEntity
Product: Taglibs
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Standard Taglib
Assignee: dev@tomcat.apache.org
Reporter: jboynes@apache.org
http://svn.apache.org/r1658754 added a check of the
org.apache.taglibs.standard.xml.accessExternalEntity system property during
initialization of XmlUtil. When a SecurityManager is present this check will
fail unless permission has been granted for the library to do that.
This may affect applications even if they do not use the XML tags because the
he JSTL <c:> core library includes a TLV that parses the XML view of the page
at translation time, obtaining the parser from the XmlUtil class. If permission
has not been granted then the check fails, a NoClassDefError is thrown, and the
JSP compilation will fail.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 57673] AccessControlException accessing
org.apache.taglibs.standard.xml.accessExternalEntity
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57673
Jeremy Boynes <jb...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 57673] AccessControlException accessing
org.apache.taglibs.standard.xml.accessExternalEntity
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57673
--- Comment #2 from Jeremy Boynes <jb...@apache.org> ---
Fixed in http://svn.apache.org/r1664878 and will be included in 1.2.4
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 57673] AccessControlException accessing
org.apache.taglibs.standard.xml.accessExternalEntity
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57673
--- Comment #1 from Jeremy Boynes <jb...@apache.org> ---
I propose to fix this by ignoring the AccessControlException and falling back
to the default set of protocols i.e. none. To enable additional protocols,
users would need to pass that property and grant the library permission to read
it.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org