[jboss-jira] [JBoss JIRA] Commented: (JBAOP-675) AOP weaved code needs to appropriately generate Privileged Blocks
Scott M Stark (JIRA)
jira-events at lists.jboss.org
Thu Nov 20 02:30:36 EST 2008
[ https://jira.jboss.org/jira/browse/JBAOP-675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12439038#action_12439038 ]
Scott M Stark commented on JBAOP-675:
-------------------------------------
Also note this discussion on vfs permission that brought up what the codebase of dynamically generated code under a vfsmemory: url would be:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189478
Dynamically generated code should only have a privileged block if we can assign the code's code source to the deployment that created the vfsmemory: url. I doubt this is solvable in the scope of this issue, but it's something to consider.
> AOP weaved code needs to appropriately generate Privileged Blocks
> -----------------------------------------------------------------
>
> Key: JBAOP-675
> URL: https://jira.jboss.org/jira/browse/JBAOP-675
> Project: JBoss AOP
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 2.0.0.GA
> Reporter: Anil Saldhana
> Priority: Blocker
>
> Please generate a SP release asap.
> http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190733
> http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190726
> When a pointcut is applied, the aop generated code calls instanceadvisor (and other aop baggage) inducing a security manager "getClassLoader" permission check.
> You need to wrap the advisor call in a privileged block.
> =================
> if (System.getSecurityManager() == null)
> {
>    // get your advisor
> }
> else
> {
>    advisor = AccessController.doPrivileged(new PrivilegedAction<Advisor>() {
>       public Advisor run()
>       {
>          // aop
>       }
>    });
> }
> ================================
> I will probably be back with more jira issues. So a few SP versions added to your project may not be bad. ;)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
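
Added example, not code from the issue or from JBoss AOP: the privileged-block pattern requested in the issue, applied to a stand-in lookup, together with a check of the code source whose permissions the block asserts, which is the concern raised in the comment. Class and method names are hypothetical, and the SecurityManager APIs it uses are deprecated for removal since Java 17.

```java
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;

// Hypothetical class and method names; this is not JBoss AOP's API.
@SuppressWarnings("removal")
public final class PrivilegedLookupExample {

    // Stand-in for the advisor lookup: the sensitive step is getClassLoader(),
    // which a SecurityManager may guard with RuntimePermission("getClassLoader").
    private static ClassLoader loaderOf(Class<?> target) {
        return target.getClassLoader();
    }

    // The pattern from the issue: skip the wrapper when no SecurityManager is
    // installed, otherwise run only the sensitive call inside doPrivileged so
    // the permission check stops at this class's ProtectionDomain instead of
    // walking on to less-privileged callers. Kept non-public so the returned
    // loader is not handed to arbitrary untrusted code.
    static ClassLoader lookup(final Class<?> target) {
        if (System.getSecurityManager() == null) {
            return loaderOf(target);
        }
        return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
            public ClassLoader run() {
                return loaderOf(target);
            }
        });
    }

    // doPrivileged asserts the permissions of the class that calls it, and
    // those are granted by policy according to that class's CodeSource. A null
    // or unexpected location (the vfsmemory: question in the comment) means the
    // policy cannot tie the privileged block to a known deployment.
    static String assertedCodeSource(Class<?> privilegedCaller) {
        CodeSource cs = privilegedCaller.getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "<no code source>"
                : cs.getLocation().toString();
    }

    public static void main(String[] args) {
        System.out.println("loader: " + lookup(PrivilegedLookupExample.class));
        System.out.println("privileges asserted for: "
                + assertedCodeSource(PrivilegedLookupExample.class));
    }
}
```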