[ https://issues.apache.org/jira/browse/MYFACES-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Andraschko reopened MYFACES-4037: ---------------------------------------- > RuntimePermissions required for protected packages when security manager > enabled > -------------------------------------------------------------------------------- > > Key: MYFACES-4037 > URL: https://issues.apache.org/jira/browse/MYFACES-4037 > Project: MyFaces Core > Issue Type: Bug > Components: General > Affects Versions: 2.2.9 > Environment: Tomcat 8 > Reporter: Neil Richards > > Deploying myfaces-example-simple-1.1.14.war with security manager enabled > causes AccessControlExceptions as follows: > org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security > Violation, attempt to use Restricted Class: > org.apache.catalina.servlets.DefaultServlet > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" > "accessClassInPackage.org.apache.catalina.servlets") > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" > "accessClassInPackage.org.apache.catalina.servlets") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at > java.security.AccessController.checkPermission(AccessController.java:884) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at > java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:264) > at > org.apache.myfaces.ee6.MyFacesContainerInitializer.isDelegatedFacesServlet(MyFacesContainerInitializer.java:280) > at > org.apache.myfaces.ee6.MyFacesContainerInitializer.onStartup(MyFacesContainerInitializer.java:150) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5244) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) > at > org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) > at > org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security > Violation, attempt to use Restricted Class: > org.apache.jasper.compiler.JspRuntimeContext > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" > "accessClassInPackage.org.apache.jasper.compiler") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at > java.security.AccessController.checkPermission(AccessController.java:884) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at > java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:264) > at > org.apache.myfaces.webapp.Jsp21FacesInitializer.getJspFactory(Jsp21FacesInitializer.java:88) > at > org.apache.myfaces.webapp.Jsp21FacesInitializer.initContainerIntegration(Jsp21FacesInitializer.java:62) > at > org.apache.myfaces.webapp.AbstractFacesInitializer.initFaces(AbstractFacesInitializer.java:172) > at > org.apache.myfaces.webapp.StartupServletContextListener.contextInitialized(StartupServletContextListener.java:121) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4810) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) > at > org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) > at > org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) -- This message was sent by Atlassian JIRA (v6.4.14#64029)