[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

[adrian@jboss.org]

"anil.saldhana at jboss.com" wrote : 
  | Adrian, I know you disagree. But I do not see creating a vfs policy implementation before AS5GA.

I don't disagree. I'm just saying the correct mapping should be done by the vfs layer.

The experimental FileCodeSourceGenerator shows that trying to do it yourself
leads to mistakes and the alternative of having the user specify 
them in some configuration file is an admin nightmare and also bound to lead to errors.

The way I see it, is that there are three changes required.

1) The ability to map a vfs url to a real (top level) url

2) Implementation of a VFSPermission that also implies the real url permission
(e.g. FilePermission for vfsfile:)

3) The option when you create a vfs classloader to specify whether to use
(i) the vfs url or (ii) the real url as the codesource.
Either way, we should include the VFSPermission in the ProtectionDomain
of the class defined by the VFSClassLoaderPolicy.

If you use the security.xml bootstrap file then you can use 3(i) in your java.policy
file, otherwise you need 3(ii) unless somebody makes the vfs url handlers
available to the JDK policy class.

If you use 3(ii) then you can't specify the permissions for subdeployments
seperately from the top level deployment (just like JBoss4 couldn't).

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188191#4188191

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188191