[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149
scott.stark@jboss.org
do-not-reply at jboss.com
Fri Nov 14 13:44:46 EST 2008
So you have org.jboss.aspect.TCCL which sets the TCCL that is applied a call to Thread.setContextClassLoader that uses a privileged block to isolate the caller. So the first issue is that this cannot be a mechanism to circumvent the security check for calling setContextClassLoader, so the application of the aspect has to have a security check that applies to codebase where the aspect is being applied. I'm sure the aop layer does not make this check today.
I still think the generated bytecode in the vfsmemory: location also has a permission that is inherited from the aspect codebase so that you know what an aspect is allowed to do. Unless I have granted the setContextClassLoader to the aspect, I'm not going to be able to apply it to some call context to change the caller's ability to perform a privileged operation.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189501#4189501
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4189501
More information about the jboss-dev-forums
mailing list