anonymous wrote : | Also I don't see a test in the kernel project that is validating | that you can't use the xml deployment (or programmatic deployment) | to bypass the private field access. | | e.g. See the AccessControlTestCase that validates | that somebody can't use the MC to get access the system properties if they | don't have the right to do so. | Looking at that test, plus trying the 'suck it and see' principle with setting up the FieldAccess test, I fail to get it to fail on access restriction. My bean looks like this: | public class AccessBean | { | @SuppressWarnings("unused") | private String priString; | protected String protString; | public String pubString; | } | and the test class extends AbstractDeploymentTest which enables security. | public static AbstractTestDelegate getDelegate(Class<?> clazz) throws Exception | { | AbstractTestDelegate delegate = MicrocontainerTest.getDelegate(clazz); | delegate.enableSecurity = true; | return delegate; | } | While trying this: | <bean name="private" class="org.jboss.test.kernel.deployment.support.AccessBean" access-mode="ALL"> | <property name="priString">foobar</property> | </bean> | | <bean name="protected" class="org.jboss.test.kernel.deployment.support.AccessBean" access-mode="ALL"> | <property name="protString">foobar</property> | </bean> | both beans get normally installed. What am I missing? Since 'enableSecurity=true' does the trick on PropertyField2DependencyTestCase (where I had to disable it in order to test what I wanted to test). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137800#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...