Hi,

we upgraded from Seam 2.0.3.CR1 to 2.2.0.GA. Now our applications, running with a security manager enabled, throw AccessControlExceptions because in org.jboss.seam.init.Initialization.create() the system properties are read.

Unfortunately it is necessary to grant read,write access for the system properties just to read them, which would give the applications the right to change a system property.
Something that is suboptimal from a security point of view.

We see three solutions to the problem:
a) add the permission and live with this security flaw
b) patch Seam
c) define a fixed system property which controls the inclusion of the system properties.This could be done backward compatible (e.g. -Dorg.jboss.seam.init.noSysProps)

Any suggestions?

awi