Bug 36228 - (request.getHeaders(key)).nextElement() needs additional Permissions
(request.getHeaders(key)).nextElement() needs additional Permissions
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Catalina
5.5.9
Other other
: P2 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2005-08-17 16:23 UTC by Gernot
Modified: 2005-08-17 09:11 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gernot 2005-08-17 16:23:21 UTC
Running tomcat with security manager "(request.getHeaders(key)).nextElement()"
will cause following exception:

java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.buf)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
        at org.apache.tomcat.util.buf.StringCache.toString(StringCache.java:282)
        at org.apache.tomcat.util.buf.ByteChunk.toString(ByteChunk.java:461)
        at org.apache.tomcat.util.buf.MessageBytes.toString(MessageBytes.java:209)
        at
org.apache.tomcat.util.http.ValuesEnumerator.nextElement(MimeHeaders.java:423)

To work properly you have to add
"accessClassInPackage.org.apache.tomcat.util.buf" RuntimePermission.
Using the core servlet api should not require that internal tomcat packages have
to be exposed to the webapp.
Comment 1 Remy Maucherat 2005-08-17 17:11:25 UTC
Ok.