David Lloyd created SECURITY-862:
------------------------------------
Summary: Creating a subject requires special permissions
Key: SECURITY-862
URL:
https://issues.jboss.org/browse/SECURITY-862
Project: PicketBox
Issue Type: Bug
Reporter: David Lloyd
Assignee: Stefan Guilhen
When a client calls createSubject on a JBossSecuritySubjectFactory, it ultimately causes
SecurityConfiguration#getApplicationPolicy() to be called which requires a special
permission.
This should probably be done as a privileged block, with a simple createSubject permission
of some sort replacing this.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)