[jboss-user] [JBoss Microcontainer Development] New message: "Re: Security problems with org.jboss.test:jboss-test 1.1.5.GA"

Ales Justin do-not-reply at jboss.com
Fri Mar 5 09:55:24 EST 2010


User development,

A new message was posted in the thread "Security problems with org.jboss.test:jboss-test 1.1.5.GA":

http://community.jboss.org/message/530190#530190

Author  : Ales Justin
Profile : http://community.jboss.org/people/alesj

Message:
--------------------------------------------------------------

> Why not add a Privileged Block to the test class rather than do all the SM disable/enable circus?
This won't work -- as the test itself is already under security, hence privileged block would kick-in too late.
e.g. otherwise one could always get past it by simply declaring pb -- but who knows this better then you ;-)
 
> In addition to the Priv Block addition, you will have to figure out what is the security policy the security mgr is using. Because you will have to add policy permission there for your test class.
OK, unless you do this -- which is much more work than simple SM disable/enable.
 
It's not like we're breaching security here :-), it's just that we want to stick with it,
in order to see if the tested code actually has proper PBs, not the test itself. ;-)

--------------------------------------------------------------

To reply to this message visit the message page: http://community.jboss.org/message/530190#530190




More information about the jboss-user mailing list