[jira] [Updated] (SOLR-3879) war file has javax.servlet-api jar bundled

Tue, 25 Sep 2012 12:52:11 -0700 

     [ 
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael McCandless updated SOLR-3879:
-------------------------------------

    Attachment: SOLR-3879.patch

Patch (against 4.0.x branch) for smokeTestRelease.py.  It fails on the 4.0.0 RC 
with this:

{noformat}
Traceback (most recent call last):
  File "dev-tools/scripts/smokeTestRelease.py", line 1161, in <module>
  File "dev-tools/scripts/smokeTestRelease.py", line 1109, in main
  File "dev-tools/scripts/smokeTestRelease.py", line 1151, in smokeTest
  File "dev-tools/scripts/smokeTestRelease.py", line 446, in unpack
  File "dev-tools/scripts/smokeTestRelease.py", line 558, in verifyUnpacked
  File "dev-tools/scripts/smokeTestRelease.py", line 177, in checkSolrWAR
RuntimeError: WAR file 
/l/40x/tmp/unpack/apache-solr-4.0.0/example/webapps/solr.war contains JAR file 
WEB-INF/lib/javax.servlet-api-3.0.1.jar with illegal class 
"javax/servlet/ServletSecurityElement.class"
{noformat}

                
> war file has javax.servlet-api jar bundled
> ------------------------------------------
>
>                 Key: SOLR-3879
>                 URL: https://issues.apache.org/jira/browse/SOLR-3879
>             Project: Solr
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 4.0
>            Reporter: Roman Shaposhnik
>            Priority: Critical
>             Fix For: 4.0
>
>         Attachments: SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming 
> release of Solr 4.0

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to