You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Dave Oxley <to...@hotmail.com> on 2001/05/17 19:54:14 UTC
3.2.2. When's it shipping?
What is the current state of 3.2.2 development? Is it going to ship any time
soon?
Dave.
Dave@JungleMoss.com
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Antony Bowesman <ad...@teamware.com>.
Thanks Marc, part of my problem was that JVM tries to load all files in
${java.home}/lib/ext as possible jar files regardless of file name.
Your permission additions solve the rest!
Antony
Marc Saegesser wrote:
>
> I added the permissions to the global list of permissions. I've attached
> the most recent tomcat.policy file.
>
> > -----Original Message-----
> > From: Antony Bowesman [mailto:adb@teamware.com]
> > Sent: Monday, May 21, 2001 12:49 AM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it
> > shipping?]
> >
> >
> > Marc Saegesser wrote:
> > >
> > > The null check is simple enough and its already been tested in 3.3
> > > so I feel comfortable making the change without a beta. I'll commit
> > > the change today.
> >
> > Great, thanks!
> >
> > > Another question regarding using the security manager and JSP. If
> > > I use the default tomcat.policy file I can't access any JSP pages
> > > because I get an access denied expcetion getting the line.separator
> > > property. If I add
> > >
> > > permission java.util.PropertyPermission "line.separator", "read";
> > > permission java.util.PropertyPermission "file.separator", "read";
> > >
> > > to tomcat.policy the pages are served correctly. Glenn, is there
> > > any problem adding these two lines to the default policy? Am I
> > > missing something else?
> >
> > I've tested this but it ONLY works if you add these permissions with no
> > codeBase. If you add them under the specified codeBase
> >
> > grant codeBase "file:${tomcat.home}/-"
> >
> > They still cause the access exception. I have even tried the following
> > codeBases
> >
> > grant codeBase "file:c:/-"
> > grant codeBase "file:h:/-"
> >
> > with still the same exception. Why doesn't it work??
> >
> > Rgds
> > Antony
> >
> > >
> > > > -----Original Message-----
> > > > From: Antony Bowesman [mailto:adb@teamware.com]
> > > > Sent: Friday, May 18, 2001 1:50 AM
> > > > To: tomcat-dev@jakarta.apache.org
> > > > Subject: Re: 3.2.2. When's it shipping?
> > > >
> > > >
> > > > Marc Saegesser wrote:
> > > > >
> > > > > I bloody hope so.
> > > > >
> > > > > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > > > > cycle is planned for one week. Unless someone reports a show
> > > > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > > > I'll call release vote on tomcat-dev. This vote lasts for one week
> > > > > and every committer gets to vote. A public release vote is open for
> > > > > one week. So, the best case right now is May 28th.
> > > >
> > > > Not sure if this would be a showstopper however, there is a bug in
> > > > jasper/runtime/JspFactoryImpl.java which causes a
> > NullPointerException.
> > > > Fixed in 3.3 but not in 3.2.2
> > > >
> > > > I'm relatively new to tomcat so am not sure of the bug
> > reporting process
> > > > but I sent report of a bug to this list a couple of days ago.
> > > >
> > > > Just tested it with b5 - bug still exists.
> > > >
> > > > tomcat run -security
> > > >
> > > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> > > >
> > > > due to no check for pageContext == null in releasePageContext
> > > >
> > > > This is fixed in 3.3
> > > >
> > > > if (pc == null) return
> > > >
> > > > Rgds
> > > > Antony
> > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > > > To: tomcat-dev@jakarta.apache.org
> > > > > > Subject: 3.2.2. When's it shipping?
> > > > > >
> > > > > >
> > > > > > What is the current state of 3.2.2 development? Is it going to
> > > > > > ship any time
> > > > > > soon?
> > > > > >
> > > > > > Dave.
> > > > > > Dave@JungleMoss.com
> > > > > >
RE: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Marc Saegesser <ma...@apropos.com>.
I added the permissions to the global list of permissions. I've attached
the most recent tomcat.policy file.
> -----Original Message-----
> From: Antony Bowesman [mailto:adb@teamware.com]
> Sent: Monday, May 21, 2001 12:49 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it
> shipping?]
>
>
> Marc Saegesser wrote:
> >
> > The null check is simple enough and its already been tested in 3.3
> > so I feel comfortable making the change without a beta. I'll commit
> > the change today.
>
> Great, thanks!
>
> > Another question regarding using the security manager and JSP. If
> > I use the default tomcat.policy file I can't access any JSP pages
> > because I get an access denied expcetion getting the line.separator
> > property. If I add
> >
> > permission java.util.PropertyPermission "line.separator", "read";
> > permission java.util.PropertyPermission "file.separator", "read";
> >
> > to tomcat.policy the pages are served correctly. Glenn, is there
> > any problem adding these two lines to the default policy? Am I
> > missing something else?
>
> I've tested this but it ONLY works if you add these permissions with no
> codeBase. If you add them under the specified codeBase
>
> grant codeBase "file:${tomcat.home}/-"
>
> They still cause the access exception. I have even tried the following
> codeBases
>
> grant codeBase "file:c:/-"
> grant codeBase "file:h:/-"
>
> with still the same exception. Why doesn't it work??
>
> Rgds
> Antony
>
> >
> > > -----Original Message-----
> > > From: Antony Bowesman [mailto:adb@teamware.com]
> > > Sent: Friday, May 18, 2001 1:50 AM
> > > To: tomcat-dev@jakarta.apache.org
> > > Subject: Re: 3.2.2. When's it shipping?
> > >
> > >
> > > Marc Saegesser wrote:
> > > >
> > > > I bloody hope so.
> > > >
> > > > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > > > cycle is planned for one week. Unless someone reports a show
> > > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > > I'll call release vote on tomcat-dev. This vote lasts for one week
> > > > and every committer gets to vote. A public release vote is open for
> > > > one week. So, the best case right now is May 28th.
> > >
> > > Not sure if this would be a showstopper however, there is a bug in
> > > jasper/runtime/JspFactoryImpl.java which causes a
> NullPointerException.
> > > Fixed in 3.3 but not in 3.2.2
> > >
> > > I'm relatively new to tomcat so am not sure of the bug
> reporting process
> > > but I sent report of a bug to this list a couple of days ago.
> > >
> > > Just tested it with b5 - bug still exists.
> > >
> > > tomcat run -security
> > >
> > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> > >
> > > due to no check for pageContext == null in releasePageContext
> > >
> > > This is fixed in 3.3
> > >
> > > if (pc == null) return
> > >
> > > Rgds
> > > Antony
> > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > > To: tomcat-dev@jakarta.apache.org
> > > > > Subject: 3.2.2. When's it shipping?
> > > > >
> > > > >
> > > > > What is the current state of 3.2.2 development? Is it going to
> > > > > ship any time
> > > > > soon?
> > > > >
> > > > > Dave.
> > > > > Dave@JungleMoss.com
> > > > >
>
> --
> Antony Bowesman
> Teamware Group
> adb@teamware.com
> tel: +358 9 5128 2562
> fax: +358 9 5128 2705
Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Antony Bowesman <ad...@teamware.com>.
Marc Saegesser wrote:
>
> The null check is simple enough and its already been tested in 3.3
> so I feel comfortable making the change without a beta. I'll commit
> the change today.
Great, thanks!
> Another question regarding using the security manager and JSP. If
> I use the default tomcat.policy file I can't access any JSP pages
> because I get an access denied expcetion getting the line.separator
> property. If I add
>
> permission java.util.PropertyPermission "line.separator", "read";
> permission java.util.PropertyPermission "file.separator", "read";
>
> to tomcat.policy the pages are served correctly. Glenn, is there
> any problem adding these two lines to the default policy? Am I
> missing something else?
I've tested this but it ONLY works if you add these permissions with no
codeBase. If you add them under the specified codeBase
grant codeBase "file:${tomcat.home}/-"
They still cause the access exception. I have even tried the following
codeBases
grant codeBase "file:c:/-"
grant codeBase "file:h:/-"
with still the same exception. Why doesn't it work??
Rgds
Antony
>
> > -----Original Message-----
> > From: Antony Bowesman [mailto:adb@teamware.com]
> > Sent: Friday, May 18, 2001 1:50 AM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: Re: 3.2.2. When's it shipping?
> >
> >
> > Marc Saegesser wrote:
> > >
> > > I bloody hope so.
> > >
> > > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > > cycle is planned for one week. Unless someone reports a show
> > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > I'll call release vote on tomcat-dev. This vote lasts for one week
> > > and every committer gets to vote. A public release vote is open for
> > > one week. So, the best case right now is May 28th.
> >
> > Not sure if this would be a showstopper however, there is a bug in
> > jasper/runtime/JspFactoryImpl.java which causes a NullPointerException.
> > Fixed in 3.3 but not in 3.2.2
> >
> > I'm relatively new to tomcat so am not sure of the bug reporting process
> > but I sent report of a bug to this list a couple of days ago.
> >
> > Just tested it with b5 - bug still exists.
> >
> > tomcat run -security
> >
> > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> >
> > due to no check for pageContext == null in releasePageContext
> >
> > This is fixed in 3.3
> >
> > if (pc == null) return
> >
> > Rgds
> > Antony
> >
> > >
> > > > -----Original Message-----
> > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > To: tomcat-dev@jakarta.apache.org
> > > > Subject: 3.2.2. When's it shipping?
> > > >
> > > >
> > > > What is the current state of 3.2.2 development? Is it going to
> > > > ship any time
> > > > soon?
> > > >
> > > > Dave.
> > > > Dave@JungleMoss.com
> > > >
--
Antony Bowesman
Teamware Group
adb@teamware.com
tel: +358 9 5128 2562
fax: +358 9 5128 2705
RE: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Marc Saegesser <ma...@apropos.com>.
OK, I'll update tomcat.policy to include them. It might be a version
difference (I'm using JDK1.2.2) but I can't see any harm with them being
there in any case.
> -----Original Message-----
> From: glenn@zathras.earthdome.org [mailto:glenn@zathras.earthdome.org]On
> Behalf Of Glenn Nielsen
> Sent: Friday, May 18, 2001 11:09 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: JSP and SecurityManager [was RE: 3.2.2. When's it
> shipping?]
>
>
> Hmm, I had thought those were getting added automatically, like the
> read FilePermission for the context root. Sure, you can add those
> to the default grant policy entry in tomcat.policy.
>
> Glenn
>
> Marc Saegesser wrote:
> >
> > The null check is simple enough and its already been tested in
> 3.3 so I feel
> > comfortable making the change without a beta. I'll commit the
> change today.
> >
> > Another question regarding using the security manager and JSP.
> If I use the
> > default tomcat.policy file I can't access any JSP pages because I get an
> > access denied expcetion getting the line.separator property. If I add
> >
> > permission java.util.PropertyPermission "line.separator", "read";
> > permission java.util.PropertyPermission "file.separator", "read";
> >
> > to tomcat.policy the pages are served correctly. Glenn, is there any
> > problem adding these two lines to the default policy? Am I missing
> > something else?
> >
> > > -----Original Message-----
> > > From: Antony Bowesman [mailto:adb@teamware.com]
> > > Sent: Friday, May 18, 2001 1:50 AM
> > > To: tomcat-dev@jakarta.apache.org
> > > Subject: Re: 3.2.2. When's it shipping?
> > >
> > >
> > > Marc Saegesser wrote:
> > > >
> > > > I bloody hope so.
> > > >
> > > > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > > > cycle is planned for one week. Unless someone reports a show
> > > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > > I'll call release vote on tomcat-dev. This vote lasts for one week
> > > > and every committer gets to vote. A public release vote is open for
> > > > one week. So, the best case right now is May 28th.
> > >
> > > Not sure if this would be a showstopper however, there is a bug in
> > > jasper/runtime/JspFactoryImpl.java which causes a
> NullPointerException.
> > > Fixed in 3.3 but not in 3.2.2
> > >
> > > I'm relatively new to tomcat so am not sure of the bug
> reporting process
> > > but I sent report of a bug to this list a couple of days ago.
> > >
> > > Just tested it with b5 - bug still exists.
> > >
> > > tomcat run -security
> > >
> > > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> > >
> > > due to no check for pageContext == null in releasePageContext
> > >
> > > This is fixed in 3.3
> > >
> > > if (pc == null) return
> > >
> > > Rgds
> > > Antony
> > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > > To: tomcat-dev@jakarta.apache.org
> > > > > Subject: 3.2.2. When's it shipping?
> > > > >
> > > > >
> > > > > What is the current state of 3.2.2 development? Is it going to
> > > > > ship any time
> > > > > soon?
> > > > >
> > > > > Dave.
> > > > > Dave@JungleMoss.com
> > > > >
>
> --
> ----------------------------------------------------------------------
> Glenn Nielsen glenn@more.net | /* Spelin donut madder |
> MOREnet System Programming | * if iz ina coment. |
> Missouri Research and Education Network | */ |
> ----------------------------------------------------------------------
Re: JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.
Hmm, I had thought those were getting added automatically, like the
read FilePermission for the context root. Sure, you can add those
to the default grant policy entry in tomcat.policy.
Glenn
Marc Saegesser wrote:
>
> The null check is simple enough and its already been tested in 3.3 so I feel
> comfortable making the change without a beta. I'll commit the change today.
>
> Another question regarding using the security manager and JSP. If I use the
> default tomcat.policy file I can't access any JSP pages because I get an
> access denied expcetion getting the line.separator property. If I add
>
> permission java.util.PropertyPermission "line.separator", "read";
> permission java.util.PropertyPermission "file.separator", "read";
>
> to tomcat.policy the pages are served correctly. Glenn, is there any
> problem adding these two lines to the default policy? Am I missing
> something else?
>
> > -----Original Message-----
> > From: Antony Bowesman [mailto:adb@teamware.com]
> > Sent: Friday, May 18, 2001 1:50 AM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: Re: 3.2.2. When's it shipping?
> >
> >
> > Marc Saegesser wrote:
> > >
> > > I bloody hope so.
> > >
> > > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > > cycle is planned for one week. Unless someone reports a show
> > > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > > I'll call release vote on tomcat-dev. This vote lasts for one week
> > > and every committer gets to vote. A public release vote is open for
> > > one week. So, the best case right now is May 28th.
> >
> > Not sure if this would be a showstopper however, there is a bug in
> > jasper/runtime/JspFactoryImpl.java which causes a NullPointerException.
> > Fixed in 3.3 but not in 3.2.2
> >
> > I'm relatively new to tomcat so am not sure of the bug reporting process
> > but I sent report of a bug to this list a couple of days ago.
> >
> > Just tested it with b5 - bug still exists.
> >
> > tomcat run -security
> >
> > gives nullPointerException in jasper/runtime/JspFactoryImpl.java
> >
> > due to no check for pageContext == null in releasePageContext
> >
> > This is fixed in 3.3
> >
> > if (pc == null) return
> >
> > Rgds
> > Antony
> >
> > >
> > > > -----Original Message-----
> > > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > > Sent: Thursday, May 17, 2001 12:54 PM
> > > > To: tomcat-dev@jakarta.apache.org
> > > > Subject: 3.2.2. When's it shipping?
> > > >
> > > >
> > > > What is the current state of 3.2.2 development? Is it going to
> > > > ship any time
> > > > soon?
> > > >
> > > > Dave.
> > > > Dave@JungleMoss.com
> > > >
--
----------------------------------------------------------------------
Glenn Nielsen glenn@more.net | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
JSP and SecurityManager [was RE: 3.2.2. When's it shipping?]
Posted by Marc Saegesser <ma...@apropos.com>.
The null check is simple enough and its already been tested in 3.3 so I feel
comfortable making the change without a beta. I'll commit the change today.
Another question regarding using the security manager and JSP. If I use the
default tomcat.policy file I can't access any JSP pages because I get an
access denied expcetion getting the line.separator property. If I add
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "file.separator", "read";
to tomcat.policy the pages are served correctly. Glenn, is there any
problem adding these two lines to the default policy? Am I missing
something else?
> -----Original Message-----
> From: Antony Bowesman [mailto:adb@teamware.com]
> Sent: Friday, May 18, 2001 1:50 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: 3.2.2. When's it shipping?
>
>
> Marc Saegesser wrote:
> >
> > I bloody hope so.
> >
> > Here's the plan. Beta 5 was released on Friday, May 11. This beta
> > cycle is planned for one week. Unless someone reports a show
> > stopping bug, and so far I haven't seen one, on Friday, May 18th.
> > I'll call release vote on tomcat-dev. This vote lasts for one week
> > and every committer gets to vote. A public release vote is open for
> > one week. So, the best case right now is May 28th.
>
> Not sure if this would be a showstopper however, there is a bug in
> jasper/runtime/JspFactoryImpl.java which causes a NullPointerException.
> Fixed in 3.3 but not in 3.2.2
>
> I'm relatively new to tomcat so am not sure of the bug reporting process
> but I sent report of a bug to this list a couple of days ago.
>
> Just tested it with b5 - bug still exists.
>
> tomcat run -security
>
> gives nullPointerException in jasper/runtime/JspFactoryImpl.java
>
> due to no check for pageContext == null in releasePageContext
>
> This is fixed in 3.3
>
> if (pc == null) return
>
> Rgds
> Antony
>
> >
> > > -----Original Message-----
> > > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > > Sent: Thursday, May 17, 2001 12:54 PM
> > > To: tomcat-dev@jakarta.apache.org
> > > Subject: 3.2.2. When's it shipping?
> > >
> > >
> > > What is the current state of 3.2.2 development? Is it going to
> > > ship any time
> > > soon?
> > >
> > > Dave.
> > > Dave@JungleMoss.com
> > >
Re: 3.2.2. When's it shipping?
Posted by Antony Bowesman <ad...@teamware.com>.
Marc Saegesser wrote:
>
> I bloody hope so.
>
> Here's the plan. Beta 5 was released on Friday, May 11. This beta
> cycle is planned for one week. Unless someone reports a show
> stopping bug, and so far I haven't seen one, on Friday, May 18th.
> I'll call release vote on tomcat-dev. This vote lasts for one week
> and every committer gets to vote. A public release vote is open for
> one week. So, the best case right now is May 28th.
Not sure if this would be a showstopper however, there is a bug in
jasper/runtime/JspFactoryImpl.java which causes a NullPointerException.
Fixed in 3.3 but not in 3.2.2
I'm relatively new to tomcat so am not sure of the bug reporting process
but I sent report of a bug to this list a couple of days ago.
Just tested it with b5 - bug still exists.
tomcat run -security
gives nullPointerException in jasper/runtime/JspFactoryImpl.java
due to no check for pageContext == null in releasePageContext
This is fixed in 3.3
if (pc == null) return
Rgds
Antony
>
> > -----Original Message-----
> > From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> > Sent: Thursday, May 17, 2001 12:54 PM
> > To: tomcat-dev@jakarta.apache.org
> > Subject: 3.2.2. When's it shipping?
> >
> >
> > What is the current state of 3.2.2 development? Is it going to
> > ship any time
> > soon?
> >
> > Dave.
> > Dave@JungleMoss.com
> >
RE: 3.2.2. When's it shipping?
Posted by Marc Saegesser <ma...@apropos.com>.
I bloody hope so.
Here's the plan. Beta 5 was released on Friday, May 11. This beta cycle is
planned for one week. Unless someone reports a show stopping bug, and so
far I haven't seen one, on Friday, May 18th. I'll call release vote on
tomcat-dev. This vote lasts for one week and every committer gets to vote.
A public release vote is open for one week. So, the best case right now is
May 28th.
> -----Original Message-----
> From: Dave Oxley [mailto:tomcat_dev@hotmail.com]
> Sent: Thursday, May 17, 2001 12:54 PM
> To: tomcat-dev@jakarta.apache.org
> Subject: 3.2.2. When's it shipping?
>
>
> What is the current state of 3.2.2 development? Is it going to
> ship any time
> soon?
>
> Dave.
> Dave@JungleMoss.com
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.