Jan Kalina created SECURITY-778:
-----------------------------------
Summary: DelegatingPolicy should delegate refresh()
Key: SECURITY-778
URL: https://issues.jboss.org/browse/SECURITY-778
Project: PicketBox
Issue Type: Enhancement
Security Level: Public (Everyone can see)
Components: PicketBox
Reporter: Jan Kalina
Assignee: Stefan Guilhen
Priority: Optional
DelegatingPolicy delegates non-JACC permissions to the java.security.Policy (or subclass)
object.
It delegates the getPermissions() and implies() methods, but not the refresh() method.
This is bad, because DelegatingPolicy is used by default in current WildFly, and applications
that assume the standard policy provider and use a normal security policy file will not refresh
policies from the file.
Yes, a user application can bypass it by using
Policy.getPolicy().getPolicyProxy().refresh();
but this requires having "org.picketbox" in its dependencies, so the application depends on
picketlink, or is incompatible...
This is illustrated by a patch to my policy-switching JBoss extension - before the patch it works
only without picketlink, after it works only with picketlink:
https://github.com/honza889/jsm-policy-subsystem/commit/f2fb420b43ac3eedb...
This should be resolved by this one line in the DelegatingPolicy class:
{code:java}
// Forward refresh() to the wrapped java.security.Policy
public void refresh()
{
   delegate.refresh();
}
{code}
Thanks
More information about DelegatingPolicy:
https://community.jboss.org/wiki/DelegatingPolicy
https://github.com/picketbox/picketbox-container/blob/e8dfc3e8306cdbd2329...
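The effect described in this issue, as an added example that is not part of the original report and is not PicketBox code: a wrapper policy that forwards implies() but inherits the empty Policy.refresh() keeps answering from the rules loaded at startup, so a grant removed from the policy file stays in force. The class names and the in-memory stand-in for the policy file are assumptions; java.security.Policy is deprecated in recent JDKs, so expect compiler warnings.

```java
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class RefreshDelegationDemo {

    // Hypothetical stand-in for a file-backed policy: refresh() re-reads the "file".
    static class ReloadablePolicy extends Policy {
        volatile String policyFile;           // constructed stand-in for the policy file contents
        private volatile Permission loaded;   // rule in force since the last (re)load

        ReloadablePolicy(String initial) {
            policyFile = initial;
            loaded = new RuntimePermission(initial);
        }
        @Override public void refresh() { loaded = new RuntimePermission(policyFile); }
        @Override public boolean implies(ProtectionDomain pd, Permission p) { return loaded.implies(p); }
    }

    // Forwards implies() only; refresh() is inherited from Policy, where it does nothing.
    static class WrapperWithoutRefresh extends Policy {
        final Policy delegate;
        WrapperWithoutRefresh(Policy delegate) { this.delegate = delegate; }
        @Override public boolean implies(ProtectionDomain pd, Permission p) { return delegate.implies(pd, p); }
    }

    // Same wrapper with the one-method change the issue asks for.
    static class WrapperWithRefresh extends WrapperWithoutRefresh {
        WrapperWithRefresh(Policy delegate) { super(delegate); }
        @Override public void refresh() { delegate.refresh(); }
    }

    // Returns true if a grant removed from the "file" is still honoured after refresh().
    static boolean staleGrantSurvives(boolean forwardRefresh) {
        ReloadablePolicy backing = new ReloadablePolicy("demo.oldRule");
        Policy wrapper = forwardRefresh ? new WrapperWithRefresh(backing) : new WrapperWithoutRefresh(backing);
        ProtectionDomain pd = RefreshDelegationDemo.class.getProtectionDomain();

        backing.policyFile = "demo.newRule";  // administrator edits the policy file
        wrapper.refresh();                    // application asks for a reload
        return wrapper.implies(pd, new RuntimePermission("demo.oldRule"));
    }

    public static void main(String[] args) {
        System.out.println("refresh() not forwarded, removed grant still honoured: " + staleGrantSurvives(false));
        System.out.println("refresh() forwarded, removed grant still honoured: " + staleGrantSurvives(true));
    }
}
```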