[cdi-dev] [JBoss JIRA] (CDI-699) AnnotationLiteral should use privileged actions for reflective operations

Antoine Sabot-Durand (JIRA) issues at jboss.org
Thu Jun 21 06:58:00 EDT 2018


     [ https://issues.jboss.org/browse/CDI-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antoine Sabot-Durand updated CDI-699:
-------------------------------------
    Fix Version/s: 2.0.SP1
                       (was: 2.1 (Discussion))


> AnnotationLiteral should use privileged actions for reflective operations
> -------------------------------------------------------------------------
>
>                 Key: CDI-699
>                 URL: https://issues.jboss.org/browse/CDI-699
>             Project: CDI Specification Issues
>          Issue Type: Bug
>          Components: Javadoc and API
>            Reporter: Martin Kouba
>              Labels: security-manager
>             Fix For: 2.0.SP1
>
>
> Currently, if an application declares its own literal which extends {{AnnotationLiteral}} and is run with {{SecurityManager}} enabled, some methods might lead to {{SecurityException}} (e.g. {{AnnotationLiteral.getMembers()}} called in constructor requires {{accessDeclaredMembers}} permission). The only possible fix seems to be to grant the permission to the deployment/application which is not very convenient. If privileged actions were used, the app server could grant the permissions to the provided CDI API module only.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)


More information about the cdi-dev mailing list