Mantis - Resin
Viewing Issue Advanced Details
3657 minor always 08-28-09 09:04 08-02-09 15:13
ferg  
ferg  
normal  
closed  
fixed  
none    
none 4.0.2  
0003657: JSP CodeSource for security manager
(rep by Kai Virkki)


We are trying to use SecurityManager with Resin 3.1.9 and run into the
following problem: CodeSource.getLocation() returns null for compiled
JSPs.

This means that we cannot use a specific codebase in grant clause in
our policy file, for example:

grant codeBase "file:/path_to_resin/runtime/work/-" {
OR grant codeBase "file:/path_to_resin/webapp/JSP-source/-" {
...some jsp-specific permissions
};

Instead, we have to use a universal grant clause:
grant {
..some jsp-specific permissions. Unfortunately, these will be applied
to all code!!!
};

Is there a way to make JSPs have a proper CodeSource?


Notes
(0004209)
ferg   
08-02-09 15:13   
jsp/178f