Description
Matt Goldspink opened SPR-6308 and commented
We have a shared hosting environment for all our Tomcat containers in the firm and multiple teams may have webapps in the same Tomcat instance. As such the security policy is setup to disallow access to System.getProperties() as this will return a mutable view of all the system properties and if one application were to manipulate these it may adversely affect other applications in the same container.
We know the workaround for now is to simply drop in a bean named systemProperties but we would prefer a fix on the Spring side for this because it will likely catch all other groups that run a similar model to us. It seams like adding a simple bean which just delegates the call to System.getProperty("name") (which is not locked down) would be good enough to do this.
Affects: 3.0 RC1
Issue Links:
- SPR-6308 problem still exists in Spring Release 3.1.3 [SPR-10362] #14994 SPR-6308 problem still exists in Spring Release 3.1.3
- StandardEnvironment's system environment access produces warning with stacktrace on WebSphere [SPR-11297] #15921 StandardEnvironment's system environment access produces warning with stacktrace on WebSphere
- getenv.* : Access denied (java.lang.RuntimePermission getenv.*) [SPR-6287] #10954 getenv.* : Access denied (java.lang.RuntimePermission getenv.*)
Referenced from: commits 68f57aa