https://bz.apache.org/bugzilla/show_bug.cgi?id=62350
Bug ID: 62350
Summary: AccessControlException:
"org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE
", "read"
Product: Tomcat 8
Version: 8.5.31
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: knst.koli...@gmail.com
Target Milestone: ----
Smoke-testing Tomcat 8.5.31 + Java 8 + Security Manager.
All OK, but the following two pages fail with error 500:
http://localhost:8080/examples/jsp/jsp2/jspattribute/jspattribute.jsp
http://localhost:8080/examples/jsp/simpletag/foo.jsp
The first request fail with root cause
java.security.AccessControlException: access denied
("java.util.PropertyPermission"
"org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE" "read")
The second request fails with
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.jasper.runtime.BodyContentImpl
Looking into the source code, o.a.j.r.BodyContentImpl.BUFFER_SIZE is a new
system property, added in r1821364 - fix for bug 43925 - in Tomcat 8.5.27
onwards.
This issue is fixed by adding the following permission into
conf/catalina.policy:
permission java.util.PropertyPermission
"org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE", "read";
next to existing permission to read "BodyContentImpl.LIMIT_BUFFER".
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
