Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled - jboss-dev-forums

Thursday, 25 March 2010

Adrian Brock [http://community.jboss.org/people/adrian%40jboss.org] replied to the
discussion

"Testing jboss-reflect with a SecurityManager enabled"

To view the discussion, visit: http://community.jboss.org/message/534039#534039

--------------------------------------------------------------
...
 Kabir Khan wrote:

 The next problem is the Javassist version of the Field-/MethodAccessRestrictionTestCase.
These fail since the javassist generated accessors (from JBREFLECT-6) are able to access
private members, due to inheriting from sun.reflect.MagicAccessorImpl, so we don't get
the expected exceptions when calling private members with a security manager enabled. My
plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception
if an attempt is made to access them if they are not public and there is a security
manager present. No, if there is a SecurityManager you should do a similar check to
what is done by the Reflection based api,
i.e. whether the caller has the "suppressAccessChecks" permission.
See ReflectionMethodInfoImpl.

P.S. I don't think you've solved the whole problem, see
 https://jira.jboss.org/jira/browse/JBREFLECT-2
https://jira.jboss.org/jira/browse/JBREFLECT-2
e.g. the MagicAccessorImpl trick doesn't work on jrockit for classes outside the
bootstrap classloader.

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/534039#534039]

Start a new discussion in JBoss Microcontainer Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled