[jboss-jira] [JBoss JIRA] (JBEE-190) AuthConfigFactory.getFactory() checking wrong permission.
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Mar 23 10:11:01 EDT 2018
[ https://issues.jboss.org/browse/JBEE-190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13550661#comment-13550661 ]
Darran Lofthouse commented on JBEE-190:
---------------------------------------
Also if a global factory does not already exist the setFactorySecurityPermission is also required.
> AuthConfigFactory.getFactory() checking wrong permission.
> ---------------------------------------------------------
>
> Key: JBEE-190
> URL: https://issues.jboss.org/browse/JBEE-190
> Project: JBoss JavaEE Spec APIs
> Issue Type: Bug
> Components: jboss-jaspi-api
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
> The method currently performs the following check: -
> {code:java}
> //Validate the caller permission
> SecurityManager sm = System.getSecurityManager();
> if (sm != null)
> sm.checkPermission(new SecurityPermission("getFactory"));
> {code}
> However it is supposed to be using 'getFactorySecurityPermission'.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list