]
Farah Juma updated WFLY-7581:
-----------------------------
Summary: Drop the use of the org.jboss.invocation.PrivilegedWithCombinerInterceptor to
be compatible with JBoss Invocation 1.5.0 (was: Drop the use of the
org.jboss.invocation.PrivilegedWithCombinerInterceptor)
Drop the use of the
org.jboss.invocation.PrivilegedWithCombinerInterceptor to be compatible with JBoss
Invocation 1.5.0
-----------------------------------------------------------------------------------------------------------------------
Key: WFLY-7581
URL:
https://issues.jboss.org/browse/WFLY-7581
Project: WildFly
Issue Type: Task
Components: EE
Reporter: Farah Juma
Assignee: Farah Juma
Due to the security implications of PrivilegedInterceptor and
PrivilegedWithCombinerInterceptor, these two interceptors were changed to be no-operation
a while back. These interceptors have been removed in jboss-invocation 1.5.0.Beta2.
PrivilegedWithCombinerInterceptor is still currently being used in WildFly but we should
be able to drop the use of this interceptor.
Relevant HipChat discussion with David:
{code}
[3:18 PM] Farah Juma: So far, with the latest jboss-invocation SNAPSHOT, I'm running
into many WildFly testsuite failures related to the
org.jboss.invocation.PrivilegedWithCombinerInterceptor class not being found
[3:18 PM] Farah Juma: This class was removed in jboss-invocation 1.5.0.Beta2
[3:26 PM] Farah Juma: Just wondering what should now be used instead of the
PrivilegedWithCombinerInterceptor
[3:26 PM] David M. Lloyd: hmm that class was actually used?
[3:27 PM] David M. Lloyd: the class was basically a giant security hole
[3:28 PM] Farah Juma: it's used in these four classes: DefaultComponentConfigurator,
ManagedBeanAnnotationProcessor, EJBComponentDescription, and
AbstractIntegrationProcessorJAXWS
[3:29 PM] David M. Lloyd: I think it's got to be safe to just remove it
[3:29 PM] David M. Lloyd: because [a] we're not using picketbox anymore, and [b] it
was a no-op without a security manager present anyway
[3:31 PM] Farah Juma: ok, thanks, I'll remove the references to it
[3:36 PM] David M. Lloyd: to be clear, those doPrivileged interceptors were not
specifically to support PB: they were to ensure that applications run with only their own
privileges
[3:37 PM] David M. Lloyd: the combiner part was necessary to propagate Subject, which
might still be necessary
[3:37 PM] David M. Lloyd: but since the privileged part was not, just dropping the
interceptors works just fine to propagate Subject (because there's nothing stopping
said propagation)
[3:38 PM] David M. Lloyd: because of the security implications of those two interceptors,
they were changed to be no-operation a while ago, so it should be no loss
{code}