https://issues.apache.org/bugzilla/show_bug.cgi?id=55446
Bug ID: 55446
Summary: static final boolean
org.apache.jasper.Constants.IS_SECURITY_ENABLED
results in erroneous state when security is enabled
dynamically
Product: Tomcat 7
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Jasper
Assignee: [email protected]
Reporter: [email protected]
1) start app server normally (no security)
2) assuming any normal webapp is initialized, a JspRuntimeContext will be
created and at first invocation
Constants.IS_SECURITY_ENABLED = (System.getSecurityManager() != null);
is evaluated.
3) deploy some later component (ie. a webapp) which does:
System.setSecurityManager(new SecurityManager());
4) from that point, all Jasper code will provide the incorrect security state,
app server wide
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
