Paul Nicolucci created MYFACES-4540: ---------------------------------------
Summary: Missing doPriv in WebXmlParser Key: MYFACES-4540 URL: https://issues.apache.org/jira/browse/MYFACES-4540 Project: MyFaces Core Issue Type: Bug Components: General Affects Versions: 4.0.0-RC2, 4.0.0-RC3 Reporter: Paul Nicolucci Assignee: Paul Nicolucci The following AccessControlException can occur when Java2 Security is enabled with MyFaces 4.0: {noformat} ("java.io.FilePermission" "...\server\apps\expanded\test.war\WEB-INF\web.xml" "read") Stack: java.security.AccessControlException: Access denied ("java.io.FilePermission" "...\server\apps\expanded\test.war\WEB-INF\web.xml" "read")java.base/java.security.AccessController.throwACE(AccessController.java:176) java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:238) java.base/java.security.AccessController.checkPermission(AccessController.java:385) java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322) com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45) java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661) java.base/java.io.File.isDirectory(File.java:856) java.base/sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:78) java.base/sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:184) java.base/java.net.URL.openStream(URL.java:1165) <unknown class>.toDocument(WebXmlParser.java:192) <unknown class>.getWebXmlErrorPages(WebXmlParser.java:112) <unknown class>.getErrorPages(WebXmlParser.java:84) <unknown class>.isErrorPagePresent(DefaultWebConfigProvider.java:43) <unknown class>.init(MyFacesExceptionHandlerWrapperImpl.java:92) <unknown class>.init(MyFacesExceptionHandlerWrapperImpl.java:77) <unknown class>.getUnhandledExceptionQueuedEvents(MyFacesExceptionHandlerWrapperImpl.java:171) <unknown class>.getUnhandledExceptionQueuedEvents(ExceptionHandlerWrapper.java:65) <unknown class>.getUnhandledExceptionQueuedEvents(ExceptionHandlerWrapper.java:65) <unknown class>.handle(TestExceptionHandler.java:34) <unknown class>.executePhase(LifecycleImpl.java:193) <unknown class>.execute(LifecycleImpl.java:125) <unknown class>.service(FacesServlet.java:223) <unknown class>.service(ServletWrapper.java:1258){noformat} The occurs when {code:java} url.openStream() {code} is called which eventually calls into: https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/File.html#isDirectory() -- This message was sent by Atlassian Jira (v8.20.10#820010)