[
https://issues.jboss.org/browse/SECURITY-600?page=com.atlassian.jira.plug...
]
Anil Saldhana commented on SECURITY-600:
----------------------------------------
How different is this from users installing factories in the app server? When the AS is
run under a JSM, the expectation is that the user/administrator is aware of the dangers of
security permission provisioning.
SecurityClientFactory.getSecurityClient(String) allows
artbitrary/user code to be run in a priviledged block
------------------------------------------------------------------------------------------------------------
Key: SECURITY-600
URL:
https://issues.jboss.org/browse/SECURITY-600
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: PicketBox_v4_0_beta4
Reporter: Carlo de Wolf
Assignee: Anil Saldhana
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira