[jira] Commented: (JELLY-90) SecurityException when using Jelly in applet or JAWS sandbox

Mon, 06 Oct 2003 11:11:09 -0700 

The following comment has been added to this issue:

     Author: Paul Libbrecht
    Created: Mon, 6 Oct 2003 1:33 PM
       Body:
May I add, that, indeed, there seems to be a principle at several places of the jelly 
code to ignore security exceptions (James has made comments on that).
It would be worth even bringing this within the documentation.

Consider this as a vote... we need to ping the appropriate people.
Paul
---------------------------------------------------------------------
View the issue:

  http://jira.codehaus.org/secure/ViewIssue.jspa?key=JELLY-90


Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JELLY-90
    Summary: SecurityException when using Jelly in applet or JAWS sandbox
       Type: Bug

     Status: Unassigned
   Priority: Major

 Time Spent: Unknown
  Remaining: 5 minutes

    Project: jelly
 Components: 
             core / taglib.core

   Assignee: 
   Reporter: Scott Howlett

    Created: Mon, 6 Oct 2003 11:32 AM
    Updated: Mon, 6 Oct 2003 11:32 AM

Description:
Using Jelly in a sandboxed Java Web Start application or an applet raises a 
SecurityException because a JellyContext calls system.getProperties() when it is 
initialized to set up the "systemScope" context variable.

Placing that statement inside a try / catch block that swallows the SecurityException 
solves the problem for me.

Of course this means that "systemScope" is unavailable in these contexts, but that 
seems to be a fair compromise, especially since findVariable() does a 
System.getProperty() as a last resort anyway (and this one *is* properly encased in a 
block that catches SecurityException).

The relevant bit of code is JellyContext.init:

    private void init() {
        variables.put("context", this);
        try {
            variables.put("systemScope", System.getProperties());
        }
        catch (SecurityException e) {
            // ignore security exceptions
        }
    }    



---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to