[cdi-dev] [JBoss JIRA] (CDI-699) AnnotationLiteral should use privileged actions for reflective operations
Antoine Sabot-Durand (JIRA)
issues at jboss.org
Thu Jun 21 06:58:00 EDT 2018
[ https://issues.jboss.org/browse/CDI-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antoine Sabot-Durand updated CDI-699:
-------------------------------------
Fix Version/s: 2.0.SP1
(was: 2.1 (Discussion))
> AnnotationLiteral should use privileged actions for reflective operations
> -------------------------------------------------------------------------
>
> Key: CDI-699
> URL: https://issues.jboss.org/browse/CDI-699
> Project: CDI Specification Issues
> Issue Type: Bug
> Components: Javadoc and API
> Reporter: Martin Kouba
> Labels: security-manager
> Fix For: 2.0.SP1
>
>
> Currently, if an application declares its own literal which extends {{AnnotationLiteral}} and is run with {{SecurityManager}} enabled, some methods might lead to {{SecurityException}} (e.g. {{AnnotationLiteral.getMembers()}} called in constructor requires {{accessDeclaredMembers}} permission). The only possible fix seems to be to grant the permission to the deployment/application which is not very convenient. If privileged actions were used, the app server could grant the permissions to the provided CDI API module only.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the cdi-dev
mailing list