subject:"\[jira\] \[Commented\] \(MYFACES\-4037\) RuntimePermissions required for protected packages when security manager enabled"

[jira] [Commented] (MYFACES-4037) RuntimePermissions required for protected packages when security manager enabled

2017-10-10 Thread Thomas Andraschko (JIRA)


[ 
https://issues.apache.org/jira/browse/MYFACES-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16198573#comment-16198573
 ] 

Thomas Andraschko commented on MYFACES-4037:


No response since 1,5 years. Should we close it?

> RuntimePermissions required for protected packages when security manager 
> enabled
> 
>
> Key: MYFACES-4037
> URL: https://issues.apache.org/jira/browse/MYFACES-4037
> Project: MyFaces Core
>  Issue Type: Bug
>  Components: General
>Affects Versions: 2.2.9
> Environment: Tomcat 8
>Reporter: Neil Richards
>
> Deploying myfaces-example-simple-1.1.14.war with security manager enabled 
> causes AccessControlExceptions as follows:
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security 
> Violation, attempt to use Restricted Class: 
> org.apache.catalina.servlets.DefaultServlet
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.catalina.servlets")
>  java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.catalina.servlets")
> at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at 
> java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:264)
> at 
> org.apache.myfaces.ee6.MyFacesContainerInitializer.isDelegatedFacesServlet(MyFacesContainerInitializer.java:280)
> at 
> org.apache.myfaces.ee6.MyFacesContainerInitializer.onStartup(MyFacesContainerInitializer.java:150)
> at 
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5244)
> at 
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
> at 
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699)
> at 
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
> at 
> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939)
> at 
> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812)
> at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security 
> Violation, attempt to use Restricted Class: 
> org.apache.jasper.compiler.JspRuntimeContext
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.jasper.compiler")
> at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at 
> java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:264)
> at 
> org.apache.myfaces.webapp.Jsp21FacesInitializer.getJspFactory(Jsp21FacesInitializer.java:88)
> at 
> org.apache.myfaces.webapp.Jsp21FacesInitializer.initContainerIntegration(Jsp21FacesInitializer.java:62)
> at 
> org.apache.myfaces.webapp.AbstractFacesInitializer.initFaces(AbstractFacesInitializer.java:172)
>

[jira] [Commented] (MYFACES-4037) RuntimePermissions required for protected packages when security manager enabled

2016-03-30 Thread Mike Kienenberger (JIRA)


[ 
https://issues.apache.org/jira/browse/MYFACES-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15218301#comment-15218301
 ] 

Mike Kienenberger commented on MYFACES-4037:


I'd recommend you describe the steps where you enable the security manager in a 
vanilla tomcat8 installation.  That way, if someone not familiar with 
configuring tomcat8 wants to look at your issue, they won't need to figure that 
out on their own.

> RuntimePermissions required for protected packages when security manager 
> enabled
> 
>
> Key: MYFACES-4037
> URL: https://issues.apache.org/jira/browse/MYFACES-4037
> Project: MyFaces Core
>  Issue Type: Bug
>  Components: General
>Affects Versions: 2.2.9
> Environment: Tomcat 8
>Reporter: Neil Richards
>
> Deploying myfaces-example-simple-1.1.14.war with security manager enabled 
> causes AccessControlExceptions as follows:
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security 
> Violation, attempt to use Restricted Class: 
> org.apache.catalina.servlets.DefaultServlet
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.catalina.servlets")
>  java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.catalina.servlets")
> at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at 
> java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:264)
> at 
> org.apache.myfaces.ee6.MyFacesContainerInitializer.isDelegatedFacesServlet(MyFacesContainerInitializer.java:280)
> at 
> org.apache.myfaces.ee6.MyFacesContainerInitializer.onStartup(MyFacesContainerInitializer.java:150)
> at 
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5244)
> at 
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
> at 
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699)
> at 
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
> at 
> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939)
> at 
> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812)
> at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security 
> Violation, attempt to use Restricted Class: 
> org.apache.jasper.compiler.JspRuntimeContext
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.jasper.compiler")
> at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at 
> java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1243)
> at 
> org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:264)
> at 
> org.apache.myfaces.webapp.Jsp21FacesInitializer.getJspFactory(Jsp21FacesInitializer.java:88)
> at 
>

[jira] [Commented] (MYFACES-4037) RuntimePermissions required for protected packages when security manager enabled

[jira] [Commented] (MYFACES-4037) RuntimePermissions required for protected packages when security manager enabled

2 matches

Site Navigation

Mail list logo

Footer information