I stand corrected.
The below problem was a bug in Tomcat. Wrapping the RequestDispatcher
forward() and include() methods with a doPrivileged() if a SecurityManager
is being used fixed the problem. When Tomcat 3.2.2 is released you will
no longer need to edit the jre/lib/security/java.security file to comment
out the package.access=sun. line.
This fix is in the 3.2 CVS branch, and will be in the Tomcat 3.2.2 release.
Regards,
Glenn
Glenn Nielsen wrote:
>
> This isn't a Tomcat bug, its the way security works (whether correct or not).
> Perhaps this should be sent in as a Java bug report to Sun.
>
> This is documented in tomcat-security.html, you have to comment out
> the line:
>
> package.access=sun.
>
> in your $JAVA_HOME/jre/lib/security/java.security file.
>
> BugRat Mail System wrote:
> >
> > Bug report #690 has just been filed.
> >
> > You can view the report at the following URL:
> >
> > <http://znutar.cortexity.com/BugRatViewer/ShowReport/690>
> >
> > REPORT #690 Details.
> >
> > Project: Tomcat
> > Category: Bug Report
> > SubCategory: New Bug Report
> > Class: swbug
> > State: received
> > Priority: high
> > Severity: serious
> > Confidence: public
> > Environment:
> > Release: Tomcat 3.2.1
> > JVM Release: 1.2.2
> > Operating System: Windows 2000 Pro
> > OS Release: ?
> > Platform: Intel
> >
> > Synopsis:
> > jsp compliation error
> >
> > Description:
> > The default javasoft/JRE/1.2/lib/security/java.security file restricts use of the
>sun. packages.
> >
> > Both Tomcat and EmbededTomcat fail with the following error:
> >
> > Unable to compile class for JSP
> > java.security.AccessControlException: access denied (java.lang.RuntimePermission
>accessClassInPackage.sun.tools.java
> >
> > Adding the following to the default tomcat.policy file does not correct the error:
> >
> > grant {
> > permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.java";
> > };
> >
> >
>------------------------------------------------------------------------------------------
> > Name: Report-690.html
> > Report-690.html Type: Hypertext Markup Language (text/html)
> > Encoding: 7bit
> > Description: DataSource attachment 'Report-690.html'
> >
> > Part 1.3Type: Plain Text (text/plain)
>
> --
> ----------------------------------------------------------------------
> Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
> MOREnet System Programming | * if iz ina coment. |
> Missouri Research and Education Network | */ |
> ----------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
--
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
