[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: Field injection
adrian@jboss.org
do-not-reply at jboss.com
Mon Mar 17 09:43:58 EDT 2008
"alesj" wrote : "adrian at jboss.org" wrote : In case its not clear
| Nope, not clear. :-)
| OK, I'm glad I didn't introduce security hole :-), but I don't see why your example will fail with the current code?
|
It won't fail with the current code.
anonymous wrote :
| And you're saying this field.setAcceessible should be in privileged block?
Yes, this object gets cached and used across threads. You can't guarantee
that the caller will be able to setAccessible(), but they still want to be able
to use the FieldInfo (even if they can't invoke on it).
Write some tests for the security stuff then you'll understand.
e.g. A caller doesn't have permission to setAccessible()
but still wants to generate a BeanInfo for the class (without the private fields).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137053#4137053
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4137053
More information about the jboss-dev-forums
mailing list