You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/11/17 16:18:43 UTC

DO NOT REPLY [Bug 14622] - Jasper fails when security manager is set by a jsp

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14622>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14622

Jasper fails when security manager is set by a jsp

glenn@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From glenn@apache.org  2002-11-17 15:18 -------
This is not a bug.  The SecurityManager is global to the entire JVM Tomcat/Jasper
is running in.  It is the responsibility of the container to set the
SecurityManager.  This will not be changed.  Allowing a JSP page to set
the SecurityManager would be a huge security risk. To use the Tomcat 4
SecurityManager start Tomcat with the -security option.

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>