Nabble

|

»

»

»

DO NOT REPLY [Bug 44895] New: security environments for applets incorrect for jsp pages

View: New views

13 Messages — Rating Filter: Alert me

	DO NOT REPLY [Bug 44895] New: security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Summary: security environments for applets incorrect for jsp pages Product: Tomcat 5 Version: 5.5.17 Platform: PC URL: http://www.brookgreenconsulting.com OS/Version: Linux Status: NEW Severity: blocker Priority: P1 Component: Jasper AssignedTo: tomcat-dev@... ReportedBy: walter_b_marvin@... Unsigned java applets are allowed to make socket connections to the server where they originated. This is a fundamental design feature of the java applet sandbox. When I run a working applet through a jsp page (and subsequently tomcat 5.5) I lose this vital ability. This means my customers must mess and I must mess unnecessarily with applet signatures. This was verified by removing the applet jar file from my war file deployment, deploying it separately, and running the same <applet html tag from both a bare html script and a jsp script -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Mark Thomas <markt@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|NEW \|NEEDINFO --- Comment #1 from Mark Thomas <markt@...> 2008-04-28 12:03:58 PST --- Can you provide the HTML as seen by the browser in both cases so we can figure out where the difference is please. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Mark Thomas <markt@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Severity\|blocker \|normal --- Comment #2 from Mark Thomas <markt@...> 2008-05-07 00:19:39 PST --- Changing severity. No response in over a week - it clearly isn't that important. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 walter b marvin <walter_b_marvin@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|NEEDINFO \|ASSIGNED --- Comment #3 from walter b marvin <walter_b_marvin@...> 2008-05-07 09:09:14 PST --- I haven't replied because I had sever flu. Since you insist I'll try to add that today. Actually you should already know about this. I'm surprised you don't -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Mark Thomas <markt@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|ASSIGNED \|NEEDINFO --- Comment #4 from Mark Thomas <markt@...> 2008-05-07 10:25:54 PST --- Reset the need info flag. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 --- Comment #5 from walter b marvin <walter_b_marvin@...> 2008-05-08 13:47:37 PST --- Created an attachment (id=21937) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=21937) this simple html runs fine in netbeans with captive tomcat No jsp conversion is done. The java standard security environment applies, and sound clips can be accessed from my main server -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 --- Comment #6 from walter b marvin <walter_b_marvin@...> 2008-05-08 13:52:49 PST --- Created an attachment (id=21938) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=21938) this simple jsp script does not work on the development machine but should work when initiated from my server, because the socket connections are to the originating server -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 --- Comment #7 from walter b marvin <walter_b_marvin@...> 2008-05-08 14:18:52 PST --- Created an attachment (id=21939) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=21939) this simple jsp script does not work on the development machine but should work when initiated from my server, because the socket connections are to the originating server when jsp file is packaged in war file and deployed to my server. I obtained an access exception. Presumably even though the war file is sourced from my server, the applet security environment can no longer determine that the socket request required to obtain my sound clips are from the local server and denies the request. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Mark Thomas <markt@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|NEEDINFO \|RESOLVED Resolution\| \|INVALID --- Comment #8 from Mark Thomas <markt@...> 2008-05-08 14:50:37 PST --- At least one of your URLs is broken and your html is badly formed. You have also provided the page source rather than the HTML as seen by the browser as I requested. Everything I can see here points to a configuration error on your part rather than a Tomcat bug. I suggest you use the users mailing list if you require further help. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 walter b marvin <walter_b_marvin@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|RESOLVED \|VERIFIED --- Comment #9 from walter b marvin <walter_b_marvin@...> 2008-05-08 16:41:59 PST --- (In reply to comment #8) > At least one of your URLs is broken and your html is badly formed. > > You have also provided the page source rather than the HTML as seen by the > browser as I requested. > > Everything I can see here points to a configuration error on your part rather > than a Tomcat bug. I suggest you use the users mailing list if you require > further help. > I provided what I have. Please fix your software rather than blaming your users for your inadequadecies -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 walter b marvin <walter_b_marvin@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Resolution\|INVALID \|WONTFIX -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 walter b marvin <walter_b_marvin@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Resolution\|WONTFIX \|REMIND -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	DO NOT REPLY [Bug 44895] security environments for applets incorrect for jsp pages by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=44895 Mark Thomas <markt@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Resolution\|REMIND \|INVALID --- Comment #10 from Mark Thomas <markt@...> 2008-05-09 00:17:17 PST --- Correcting the resolution. You have yet to demonstrate that there is a bug in Tomcat and the html and jsp source your provided has at least one glaring error (one of your urls starts http://www/brookgreenconsulting.com/... rather than http://www.brookgreenconsulting.com/... The way you are using the JSP means that the browser should see pretty much exactly the same HTML regardless of whether you use an HTML page or a JSP. The error above plus your other comments regarding packaging point towards this being an error on your part rather than a bug in Tomcat. The place to seek help and advice is the users list. If as a result of asking on the users list a bug is discovered then you are, of course, free to re-open this report. Youo would need to provide the exact steps to reproduce the error on a clean Tomcat installation. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...