[jboss-jira] [JBoss JIRA] (REMJMX-69) ServerProxy's internal calls to MBeanServer.getClassLoader(For)() should be in a privileged block
Kabir Khan (JIRA)
jira-events at lists.jboss.org
Thu Sep 12 11:05:03 EDT 2013
Kabir Khan created REMJMX-69:
--------------------------------
Summary: ServerProxy's internal calls to MBeanServer.getClassLoader(For)() should be in a privileged block
Key: REMJMX-69
URL: https://issues.jboss.org/browse/REMJMX-69
Project: Remoting JMX
Issue Type: Feature Request
Affects Versions: 2.0.0.CR1
Reporter: Kabir Khan
Assignee: Darran Lofthouse
Fix For: 2.0.0.CR2
SetAttribute(s)Handler, InvokeHandler and CreateMBeanHandler call MBeanServer.getClassLoader() and MBeanServer.getClassLoaderFor() to set the correct classloder before invoking the 'real' methods on the MBeanServer. For WildFly's rbac implementation, these getClassLoader(For) methods are very strict only allowing superuser or administrator to call them. Since the function of these calls is internal for setAttribute(s), invoke, createMBean() the subject should be cleared, allowing them to be called in this 'internal' fashion.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list