[jboss-jira] [JBoss JIRA] (SECURITY-778) DelegatingPolicy should delegate refresh()

Jan Kalina (JIRA) issues at jboss.org
Thu Jan 2 09:33:32 EST 2014


Jan Kalina created SECURITY-778:
-----------------------------------

             Summary: DelegatingPolicy should delegate refresh()
                 Key: SECURITY-778
                 URL: https://issues.jboss.org/browse/SECURITY-778
             Project: PicketBox 
          Issue Type: Enhancement
      Security Level: Public (Everyone can see)
          Components: PicketBox
            Reporter: Jan Kalina
            Assignee: Stefan Guilhen
            Priority: Optional


DelegatingPolicy delegates non-JACC permissions to the java.security.Policy (or subclass) object.
It delegates the getPermissions() and implies() methods, but not the refresh() method.

This is bad, because DelegatingPolicy is used by default in current WildFly, and applications that assume the standard policy provider and use a normal security policy file will not refresh policies from the file.

Yes, a user application can bypass it by using

Policy.getPolicy().getPolicyProxy().refresh();

but this requires having "org.picketbox" in the dependencies, so the application depends on picketlink, or is incompatible...

This is illustrated by a patch to my policy-switching JBoss extension: before the patch it works only without picketlink, after it works only with picketlink:
https://github.com/honza889/jsm-policy-subsystem/commit/f2fb420b43ac3eedbe5acde32762042e095189d6#diff-998db8f249fa4f686067810e0c894afeL41

This should be resolved by this one line in the DelegatingPolicy class:

{code:java}
   public void refresh()
   {
      delegate.refresh();
   }
{code}

Thanks

More information about DelegatingPolicy:
https://community.jboss.org/wiki/DelegatingPolicy
https://github.com/picketbox/picketbox-container/blob/e8dfc3e8306cdbd2329de2dc73bfa8fd61eca6cd/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/DelegatingPolicy.java#L219

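The effect described in the report, as an added example that is not PicketBox code and not part of the original message: a wrapper Policy that delegates implies() but inherits the no-op refresh() from java.security.Policy keeps honouring a grant after it has been removed from the backing policy. All class names are hypothetical, and an in-memory list stands in for the policy file.

```java
import java.security.*;
import java.util.*;

public class RefreshDelegationDemo {
    // Constructed stand-in for a file-backed policy: refresh() re-reads the "file".
    static class FileLikePolicy extends Policy {
        final List<Permission> file = new ArrayList<>(); // constructed policy file contents
        private Permissions loaded = new Permissions();
        @Override public void refresh() {
            Permissions p = new Permissions();
            file.forEach(p::add);
            loaded = p;
        }
        @Override public boolean implies(ProtectionDomain d, Permission perm) {
            return loaded.implies(perm);
        }
    }

    // Wrapper shaped like the report: implies() is delegated, refresh() is not overridden,
    // so the inherited Policy.refresh() (which does nothing) is what callers reach.
    static class NonRefreshingWrapper extends Policy {
        final Policy delegate;
        NonRefreshingWrapper(Policy delegate) { this.delegate = delegate; }
        @Override public boolean implies(ProtectionDomain d, Permission perm) {
            return delegate.implies(d, perm);
        }
    }

    // Same wrapper with the one-method change proposed in the report.
    static class RefreshingWrapper extends NonRefreshingWrapper {
        RefreshingWrapper(Policy delegate) { super(delegate); }
        @Override public void refresh() { delegate.refresh(); }
    }

    // Returns true when a grant removed from the "file" is no longer implied after refresh().
    static boolean seesRevocation(boolean fixed) {
        FileLikePolicy backing = new FileLikePolicy();
        Permission p = new PropertyPermission("user.home", "read");
        backing.file.add(p);
        backing.refresh();                // initial load: grant is active
        Policy wrapper = fixed ? new RefreshingWrapper(backing) : new NonRefreshingWrapper(backing);
        backing.file.clear();             // the grant is removed from the policy file
        wrapper.refresh();                // application reloads through the standard Policy API
        return !wrapper.implies(null, p); // stale grant still implied => false
    }

    public static void main(String[] args) {
        System.out.println("wrapper without refresh() sees revocation: " + seesRevocation(false));
        System.out.println("wrapper with refresh() sees revocation:    " + seesRevocation(true));
    }
}
```

The security-relevant case is revocation: without the delegated refresh(), tightening the policy file has no effect on the running wrapper until something reloads the delegate directly.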