0003657: JSP CodeSource for security manager

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0003657

[Resin]

minor

always

08-28-09 09:04

08-31-09 15:13

Reporter

ferg

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

4.0.2

Product Version

Product Build

Summary

0003657: JSP CodeSource for security manager

Description

(rep by Kai Virkki)

We are trying to use SecurityManager with Resin 3.1.9 and run into the
following problem: CodeSource.getLocation() returns null for compiled
JSPs.

This means that we cannot use a specific codebase in grant clause in
our policy file, for example:

grant codeBase "file:/path_to_resin/runtime/work/-" {
OR grant codeBase "file:/path_to_resin/webapp/JSP-source/-" {
...some jsp-specific permissions
};

Instead, we have to use a universal grant clause:
grant {
..some jsp-specific permissions. Unfortunately, these will be applied
to all code!!!
};

Is there a way to make JSPs have a proper CodeSource?

Steps To Reproduce

Additional Information

Attached Files

Relationships

Notes
(0004209) ferg 08-31-09 15:13	jsp/178f

Issue History
Date Modified	Username	Field	Change
08-28-09 09:04	ferg	New Issue
08-31-09 15:13	ferg	Note Added: 0004209
08-31-09 15:13	ferg	Assigned To	=> ferg
08-31-09 15:13	ferg	Status	new => closed
08-31-09 15:13	ferg	Resolution	open => fixed
08-31-09 15:13	ferg	Fixed in Version	=> 4.0.2

Mantis 1.0.0rc3[^]

28 total queries executed.
25 unique queries executed.