Message3855
When using Jython in a container with security enabled, the
"__classpath__" classpath causes a SecurityException unless there is a
FilePermission grant to "__classpath__/-". Since the injection of
"__classpath__" to the classpath is sort of a hack to get the
JavaImporter to be used, it would seem there should be code to ignore
the use of the path when loading classes. In particular, the two places
I noticed an issue are:
1) org.python.core.imp.loadFromSource(String, String, PyObject)
A check for dir.isDirectory() will cause the SecurityException. As a
potential workaround, first check for
directoryName.equals("__classpath__") and if true, return null.
2) org.python.core.SyspathJavaLoader.loadClass(String, boolean)
A call to file.length() will cause the SecurityException. As a
potential workaround, first check for !dir.equals("__classpath__")
before proceeding to create the File and read from it. |
|
Date |
User |
Action |
Args |
2008-11-26 23:11:23 | ecapachedev | set | recipients:
+ ecapachedev |
2008-11-26 23:11:23 | ecapachedev | set | messageid: <1227741083.73.0.272849485036.issue1185@psf.upfronthosting.co.za> |
2008-11-26 23:11:23 | ecapachedev | link | issue1185 messages |
2008-11-26 23:11:22 | ecapachedev | create | |
|