[jboss-jira] [JBoss JIRA] (AS7-6109) JndiPermission to secure access to naming

[Lukas Krejci (JIRA)]

     [ https://issues.jboss.org/browse/AS7-6109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukas Krejci updated AS7-6109:
------------------------------

    Git Pull Request:   (was: https://github.com/jbossas/jboss-as/pull/3596)

    
> JndiPermission to secure access to naming
> -----------------------------------------
>
>                 Key: AS7-6109
>                 URL: https://issues.jboss.org/browse/AS7-6109
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Naming
>    Affects Versions: 7.1.1.Final
>            Reporter: Lukas Krejci
>            Assignee: Eduardo Martins
>
> The naming subsystem defines the JndiPermission permission class that gives the impression that it could be potentially used to secure the access to various parts of the JNDI tree. This is not true though because that permission is not enforced.
> (It is enforced in the InMemoryNamingStore but that implementation of the naming store is not used inside a running AS7 instance (it seems to be a default for testing purposes).
> Having this ability would greatly simplify the situation where some application (like RHQ/JBoss ON) allows user-defined scripts to be executed in a running server but wants to restrict access to JNDI tree to those scripts (so that the scripts for example cannot access the database by looking up the datasource and thus circumvent any authz within the application that was given to the scripts).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira