[
https://jira.jboss.org/jira/browse/JBAOP-675?page=com.atlassian.jira.plug...
]
Flavia Rainone commented on JBAOP-675:
--------------------------------------
Scott, thanks for bringing that to my attention. I decided to wait till next Monday so we
can see what Kabir says about it:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189478
AOP weaved code needs to appropriately generate Privileged Blocks
-----------------------------------------------------------------
Key: JBAOP-675
URL:
https://jira.jboss.org/jira/browse/JBAOP-675
Project: JBoss AOP
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 2.0.0.GA
Reporter: Anil Saldhana
Assignee: Flavia Rainone
Priority: Blocker
Attachments: jboss-aop.jar
Please generate a SP release asap.
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190733
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190726
When a pointcut is applied, the aop generated code calls instanceadvisor (and other aop
baggage) inducing a security manager "getClassLoader" permission check.
You need to wrap the advisor call in a privileged block.
=================
if(System.getSecurityManager() == null)
//get your advisor
else
{
advisor = AccessController.doPrivileged(new PrivilegedAction<Advisor>(){
public Advisor run()
{
//aop
}
}
}
================================
I will probably be back with more jira issues. So a few SP versions added to your project
may not be bad. ;)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira