[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: JBREFLECT-50, determining need for setAccessible bug
scott.stark@jboss.org
do-not-reply at jboss.com
Mon Feb 16 17:36:54 EST 2009
And speaking of running under a security manager, the SetAccessible PrivilegedAction in ReflectMethodInfoImpl should not be used because the security check should not be based on the jboss-reflect codebase. It needs to be based on the codebase calling into the reflection layer, and in reality, the code that is actually doing the invocation.
I can see a general jboss layer like the management layer needing to obtain the reflection view, but the determination as to whether setAccessible can be called should be done when the invocation is made to validate that the caller codebase wanting to access or set a property value is not bypassing the underlying bean class java language security declarations.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210537#4210537
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210537
More information about the jboss-dev-forums
mailing list