DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13907>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13907 security manager does not give read permission on a context by default Summary: security manager does not give read permission on a context by default Product: Tomcat 4 Version: 4.1.12 Platform: Other OS/Version: FreeBSD Status: NEW Severity: Major Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Under 4.0.3 with the default catalina.policy and -security, JSPs in each context have read access to files in that context. Under 4.1.12 this behaviour seems to be broken. A test.jsp fails under 4.1.12 with the following error when run with the security manager: org.apache.jasper.JasperException: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read) the following is the content of the test JSP: <% String fullPath = pageContext.getServletContext().getRealPath("/test2.new"); out.println("Path: " + fullPath); java.io.File foo = new java.io.File(fullPath); if (foo.exists()) out.println("Exists: " + fullPath); else { out.println("does not exist"); } %> -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
