You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/11/17 02:38:09 UTC
DO NOT REPLY [Bug 14622] New: -
Jasper fails when security manager is set by a jsp
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14622>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14622
Jasper fails when security manager is set by a jsp
Summary: Jasper fails when security manager is set by a jsp
Product: Tomcat 4
Version: 4.1.12
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Jasper
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: jacek_laskowski@hp.com
Here is a jsp which shows the issue:
<%@ page import="java.security.Permission,
org.acme.Hello"%>
<html>
<body>
<%
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
System.setSecurityManager(new SecurityManager(){
public void checkPermission(Permission perm) {}
public void checkPermission(Permission perm, Object
context) {}
});
}
%>
To see the bug you'd cast to a class in the WebAppClassloader only: <%=
Object.class.isAssignableFrom( Hello.class ) %>
</body>
</html>
Upon running the code, Jasper finishes with the following stack trace:
java.lang.NullPointerException
at org.apache.jasper.servlet.JasperLoader.loadClass
(JasperLoader.java:179)
at org.apache.jasper.servlet.JasperLoader.loadClass
(JasperLoader.java:131)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:310)
at org.apache.jsp.index_jsp.class$(index_jsp.java:56)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:63)
....snipped...
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>