[jboss-jira] [JBoss JIRA] (WFLY-3487) JNDI lookups should be executed in a clean access control context

Stuart Douglas (JIRA) issues at jboss.org
Thu Jun 12 14:51:38 EDT 2014


Stuart Douglas created WFLY-3487:
------------------------------------

             Summary: JNDI lookups should be executed in a clean access control context
                 Key: WFLY-3487
                 URL: https://issues.jboss.org/browse/WFLY-3487
             Project: WildFly
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Naming
            Reporter: Stuart Douglas
            Assignee: Stuart Douglas


This is only relevant when running under a security manager.

When doing a JNDI lookup, the getReference() call to obtain the underlying value should be done in a clean access control context, so the privileges of the caller code do not affect the result of the lookup.

If it is intended that the caller code cannot look up the bound object, this should be enforced using name-based JNDI permissions.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
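
The split the issue describes, as an added example that is not part of the original message and is not WildFly's code: a name-based permission decides whether the caller may look the name up, and the bound reference is then resolved inside `AccessController.doPrivileged` so the caller's privileges do not influence the result. `CleanContextLookup`, `LookupPermission` and the `Supplier`-based bindings are hypothetical names, and using `doPrivileged` as the "clean" context is an assumption; the code targets JVMs that still support a security manager.

```java
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Hypothetical naming store for illustration; not WildFly's classes. */
public final class CleanContextLookup {

    /** Hypothetical name-based permission, e.g. new LookupPermission("java:app/ds"). */
    public static final class LookupPermission extends BasicPermission {
        public LookupPermission(String name) { super(name); }
    }

    // Bound entries are lazy references; Supplier.get() stands in for getReference().
    private final Map<String, Supplier<Object>> bindings = new ConcurrentHashMap<>();

    public void bind(String name, Supplier<Object> reference) {
        bindings.put(name, reference);
    }

    public Object lookup(String name) {
        // 1. Access decision: checked against the full call stack, caller included.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new LookupPermission(name));
        }
        Supplier<Object> reference = bindings.get(name);
        if (reference == null) {
            throw new IllegalArgumentException("not bound: " + name);
        }
        // 2. Resolution: doPrivileged stops the stack walk at this frame, so
        // permission checks triggered while resolving see this class and the
        // code it calls, not the caller that requested the lookup.
        return AccessController.doPrivileged((PrivilegedAction<Object>) reference::get);
    }

    public static void main(String[] args) {
        CleanContextLookup naming = new CleanContextLookup();
        // Constructed sample binding: resolving it reads a system property,
        // which needs a PropertyPermission when a security manager is installed.
        naming.bind("java:app/tmpdir", () -> System.getProperty("java.io.tmpdir"));
        System.out.println(naming.lookup("java:app/tmpdir"));
    }
}
```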