[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: Field injection

Monday, 17 March 2008

"alesj" wrote : &quot;adrian(a)jboss.org&quot; wrote : In case its not clear
  | Nope, not clear. :-)
  | OK, I'm glad I didn't introduce security hole :-), but I don't see why
your example will fail with the current code?
  | 

It won't fail with the current code.

anonymous wrote : 
  | And you're saying this field.setAcceessible should be in privileged block?

Yes, this object gets cached and used across threads. You can't guarantee
that the caller will be able to setAccessible(), but they still want to be able
to use the FieldInfo (even if they can't invoke on it).

Write some tests for the security stuff then you'll understand.
e.g. A caller doesn't have permission to setAccessible()
but still wants to generate a BeanInfo for the class (without the private fields).

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137053#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: Field injection