[jboss-dev-forums] [JBoss Microcontainer Development] New message: "Re: Security problems with org.jboss.test:jboss-test 1.1.5.GA"
JBoss development,
A new message was posted in the thread "Security problems with
org.jboss.test:jboss-test 1.1.5.GA":
http://community.jboss.org/message/530190#530190
Author : Ales Justin
Profile : http://community.jboss.org/people/alesj
Message:
--------------------------------------------------------------
Why not add a Privileged Block to the test class rather than do all
the SM disable/enable circus?
This won't work -- as the test itself is already
under security, hence privileged block would kick-in too late.
e.g. otherwise one could always get past it by simply declaring pb -- but who knows this
better then you ;-)
In addition to the Priv Block addition, you will have to figure out
what is the security policy the security mgr is using. Because you will have to add policy
permission there for your test class.
OK, unless you do this -- which is much more
work than simple SM disable/enable.
It's not like we're breaching security here :-), it's just that we want to
stick with it,
in order to see if the tested code actually has proper PBs, not the test itself. ;-)
--------------------------------------------------------------
To reply to this message visit the message page:
http://community.jboss.org/message/530190#530190