Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

static final boolean org.apache.jasper.Constants.IS_SECURITY_ENABLED results in erroneous state when security is enabled dynamically #11

Open
glassfishrobot opened this issue Aug 18, 2013 · 3 comments
Open

static final boolean org.apache.jasper.Constants.IS_SECURITY_ENABLED results in erroneous state when security is enabled dynamically #11

glassfishrobot opened this issue Aug 18, 2013 · 3 comments

Comments

@glassfishrobot
Copy link

  1. start app server normally (no security)
  2. assuming any normal webapp is initialized, a JspRuntimeContext will be created and at first invocation

Constants.IS_SECURITY_ENABLED = (System.getSecurityManager() != null);

is evaluated.

  1. deploy some later component (ie. a webapp) which does:

System.setSecurityManager(new SecurityManager());

  1. from that point, all Jasper code will provide the incorrect security state, app server wide

Environment

Any
@glassfishrobot
Copy link
Author

@glassfishrobot Commented
Reported by rotty

@glassfishrobot
Copy link
Author

@glassfishrobot Commented
This issue was imported from java.net JIRA JSP-37

@glassfishrobot
Copy link
Author

@glassfishrobot glassfishrobot self-assigned this Aug 17, 2018
@markt-asf markt-asf transferred this issue from jakartaee/pages Dec 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@glassfishrobot