http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7578

Signed jars loses their certificates when in /WEB-INF/lib

           Summary: Signed jars loses their certificates when in /WEB-INF/lib
           Product: Tomcat 4
           Version: 4.0.3 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Minor
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


This stops me from doing funky things with policies and performing some
integrity checks...

Steps to reproduce:
 1. Sign a jar
 2. Put it in /WEB-INF/lib of some webapp
 3. Grant permission java.lang.RuntimePermission "getProtectionDomain" to
    everyone in 'catalina.policy'.
 4. Execute the following in a servlet, JSP, etc:

      java.security.cert.Certificate[] jarSigners =
          ClassInJar.class.getProtectionDomain().getCodeSource().getCertificates();
      if ( jarSigners == null )
          System.out.println( "Houston, we've got a problem..." );
      else
          System.out.println( "All's well..." );

An interesting workaround is that if you move the jar to /common/lib, you get 
an "all's well" message. I can work with this for the moment, but I'd prefer my 
webapps to be self-contained...

(This also happens in TC4.0)
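
An added diagnostic, not part of the original report or of Tomcat's code: it separates "the jar on disk is unsigned" from "the jar is signed but the class loader did not attach the certificates to the CodeSource", which is the condition described above. The class name `SignerCheck`, its method names and the `jarPath` argument are hypothetical, and the code assumes a Java 7 or later runtime plus the `getProtectionDomain` permission from step 3.

```java
import java.io.InputStream;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Hypothetical helper: compares signers seen by the class loader with signers in the jar file. */
public class SignerCheck {

    /** Certificates the defining class loader attached to the class's CodeSource, or null. */
    static Certificate[] loaderSigners(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? null : cs.getCertificates();
    }

    /** Certificates recorded for the class's entry in the jar itself, or null if unsigned. */
    static Certificate[] jarSigners(String jarPath, Class<?> c) throws Exception {
        String entryName = c.getName().replace('.', '/') + ".class";
        try (JarFile jar = new JarFile(jarPath, true)) {      // true = verify signatures
            JarEntry entry = jar.getJarEntry(entryName);
            if (entry == null) {
                throw new IllegalArgumentException(entryName + " not found in " + jarPath);
            }
            // Signer certificates are only available once the entry has been read to the end;
            // a tampered entry makes the read throw SecurityException.
            try (InputStream in = jar.getInputStream(entry)) {
                byte[] buf = new byte[8192];
                while (in.read(buf) != -1) { /* drain */ }
            }
            return entry.getCertificates();
        }
    }

    /** jarPath is the file the class is expected to have been loaded from (caller-supplied). */
    static String report(Class<?> c, String jarPath) throws Exception {
        Certificate[] fromJar = jarSigners(jarPath, c);
        Certificate[] fromLoader = loaderSigners(c);
        if (fromJar == null) return "jar entry is unsigned";
        if (fromLoader == null) return "jar is signed, but the class loader exposes no certificates";
        // Compare as sets: the two APIs need not return the chain in the same order.
        boolean same = new HashSet<>(Arrays.asList(fromJar))
                .equals(new HashSet<>(Arrays.asList(fromLoader)));
        return same ? "signers match" : "signers differ between jar and class loader";
    }
}
```

Calling `SignerCheck.report(ClassInJar.class, pathToJar)` from the servlet in step 4 gives the second message when the certificates exist in the jar but are missing from the `CodeSource`.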
