[jboss-dev-forums] [Design the new POJO MicroContainer] - Field access restriction
alesj
do-not-reply at jboss.com
Wed Mar 19 11:04:05 EDT 2008
anonymous wrote :
| Also I don't see a test in the kernel project that is validating
| that you can't use the xml deployment (or programmatic deployment)
| to bypass the private field access.
|
| e.g. See the AccessControlTestCase that validates
| that somebody can't use the MC to get access to the system properties if they
| don't have the right to do so.
|
Looking at that test, plus trying the 'suck it and see' principle with setting up the FieldAccess test, I fail to get it to fail on access restriction.
My bean looks like this:
| public class AccessBean
| {
|    @SuppressWarnings("unused")
|    private String priString;
|    protected String protString;
|    public String pubString;
| }
|
and the test class extends AbstractDeploymentTest which enables security.
| public static AbstractTestDelegate getDelegate(Class<?> clazz) throws Exception
| {
|    AbstractTestDelegate delegate = MicrocontainerTest.getDelegate(clazz);
|    delegate.enableSecurity = true;
|    return delegate;
| }
|
While trying this:
| <bean name="private" class="org.jboss.test.kernel.deployment.support.AccessBean" access-mode="ALL">
|    <property name="priString">foobar</property>
| </bean>
|
| <bean name="protected" class="org.jboss.test.kernel.deployment.support.AccessBean" access-mode="ALL">
|    <property name="protString">foobar</property>
| </bean>
|
both beans get normally installed.
What am I missing?
Since 'enableSecurity=true' does the trick on PropertyField2DependencyTestCase (where I had to disable it in order to test what I wanted to test).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137800#4137800