https://bz.apache.org/bugzilla/show_bug.cgi?id=64794

            Bug ID: 64794
           Summary: Missing PropertyPermission for
                    "org.graalvm.nativeimage.imagecode"
           Product: Tomcat 9
           Version: 9.0.38
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
          Assignee: dev@tomcat.apache.org
          Reporter: knst.koli...@gmail.com
  Target Milestone: -----

org.apache.jasper.runtime.JspRuntimeLibrary class fails to initialize when
Tomcat is running under a Security Manager.

Steps to reproduce:
1. Set JAVA_HOME to a JDK. I use AdoptOpenJDK 11.0.8, on Windows.
2. Start "catalina.bat start -security"
3. Access http://localhost:8080/
The page fails fatally when it tries to render an EL expression in a JSP page.

[[[
HTTP Status 500 – Internal Server Error
...

org.apache.jasper.JasperException: An exception occurred processing [index.jsp] at line [38]

35:     <body>
36:         <div id="wrapper">
37:             <div id="navigation" class="curved container">
38:                 <span id="nav-home"><a href="${tomcatUrl}">Home</a></span>
39:                 <span id="nav-hosts"><a href="${tomcatDocUrl}">Documentation</a></span>
40:                 <span id="nav-config"><a href="${tomcatDocUrl}config/">Configuration</a></span>
41:                 <span id="nav-examples"><a href="${tomcatExamplesUrl}">Examples</a></span>


Stacktrace:
...

Root Cause:

java.security.AccessControlException: access denied ("java.util.PropertyPermission" "org.graalvm.nativeimage.imagecode" "read")
  java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
  java.base/java.security.AccessController.checkPermission(AccessController.java:897)
  java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
  java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
  java.base/java.lang.System.getProperty(System.java:816)
  org.apache.jasper.runtime.JspRuntimeLibrary.<clinit>(JspRuntimeLibrary.java:72)
  org.apache.jasper.el.JasperELResolver.<init>(JasperELResolver.java:70)
  ...
]]]

Looking at the code of JspRuntimeLibrary class, reading that property was added
by commit 73288c6b3c979777054e4fc5baf0163c84bb2ac9 [1] on 2020-07-24.

[1] https://github.com/apache/tomcat/commit/73288c6b3c979777054e4fc5baf0163c84bb2ac9

Notes:

1. The issue is reproducible for Tomcat 9.0.39 (release candidate) and 9.0.38.

I have not tested 9.0.37 yet, but judging by the date of the commit, I think
that version is not affected.


2. A workaround is to add a permission to the conf/catalina.policy file. A line
to be added to the section of generic permissions ("grant {"):

[[[
    permission java.util.PropertyPermission "org.graalvm.nativeimage.imagecode", "read";
]]]


3. Looking at the commit [1], the change was added to 3 files.

4. Maybe document this property at
https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html

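A check for the workaround in note 2, as an added example that is not part of the original report or of Tomcat: it parses policy-file text and reports which grant blocks allow reading the property, so a deployment can confirm the generic "grant {" section covers it. The function names and the sample policy are constructed for illustration, and only whole-line // comments are handled.

```python
import re

# Quoted strings are consumed whole so "${catalina.home}" braces do not end a block.
GRANT_RE = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;')
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')
PROP = "org.graalvm.nativeimage.imagecode"

def strip_comments(text):
    # Simplification: only whole-line // comments are removed.
    return re.sub(r'^[ \t]*//.*$', '', text, flags=re.M)

def implies(cls, name, actions, prop, action):
    if cls == "java.security.AllPermission":
        return True
    if cls != "java.util.PropertyPermission":
        return False
    if action not in {a.strip().lower() for a in actions.split(",")}:
        return False
    # PropertyPermission names allow "*" or a trailing ".*" wildcard.
    return name in ("*", prop) or (name.endswith(".*") and prop.startswith(name[:-1]))

def granting_scopes(policy_text, prop=PROP, action="read"):
    """Headers of the grant blocks that allow the access; "" is the generic 'grant {'."""
    scopes = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        if any(implies(c, n, a, prop, action) for c, n, a in PERM_RE.findall(body)):
            scopes.append(" ".join(header.split()))
    return scopes

def generic_grant_allows(policy_text, prop=PROP):
    # The workaround targets the generic "grant {" section, so that scope is checked.
    return "" in granting_scopes(policy_text, prop)

# Constructed sample in the layout of conf/catalina.policy, not the shipped file.
BEFORE = '''
// Tomcat's own jars
grant codeBase "file:${catalina.home}/lib/-" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "java.version", "read";
};
'''
AFTER = BEFORE.replace('"java.version", "read";',
    '"java.version", "read";\n    permission java.util.PropertyPermission\n"%s", "read";' % PROP)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, generic_grant_allows(text), granting_scopes(text))
```

A codeBase-scoped AllPermission shows up in the scope list but does not satisfy the check, which matches the report: the access is denied even though Tomcat's own jars are fully trusted.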