[jboss-user] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

Adrian Brock do-not-reply at jboss.com
Thu Mar 25 13:50:08 EDT 2010

Adrian Brock [http://community.jboss.org/people/adrian%40jboss.org] replied to the discussion

"Testing jboss-reflect with a SecurityManager enabled"

To view the discussion, visit: http://community.jboss.org/message/534039#534039

> Kabir Khan wrote:
> The next problem is the Javassist version of the Field-/MethodAccessRestrictionTestCase. These fail since the javassist generated accessors (from JBREFLECT-6) are able to access private members, due to inheriting from sun.reflect.MagicAccessorImpl, so we don't get the expected exceptions when calling private members with a security manager enabled. My plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception if an attempt is made to access them if they are not public and there is a security manager present.
No, if there is a SecurityManager you should do a similar check to what is done by the Reflection based api,
i.e. whether the caller has the "suppressAccessChecks" permission.
See ReflectionMethodInfoImpl.

P.S. I don't think you've solved the whole problem, see
https://jira.jboss.org/jira/browse/JBREFLECT-2
e.g. the MagicAccessorImpl trick doesn't work on jrockit for classes outside the bootstrap classloader.


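
The caller check suggested in the reply above, sketched as an added example; it is not code from jboss-reflect or from either poster. GuardedFieldAccessor and Sample are hypothetical names, the doPrivileged block stands in for the javassist-generated accessor, and treating "public" as "public member of a public class" is an assumption.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.lang.reflect.ReflectPermission;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added example: GuardedFieldAccessor and Sample are hypothetical, not jboss-reflect classes.
public class GuardedFieldAccessor {
    private static final ReflectPermission SUPPRESS =
            new ReflectPermission("suppressAccessChecks");

    private final Field field;

    public GuardedFieldAccessor(Field field) {
        this.field = field;
    }

    // Assumption: "public" means both the member and its declaring class are public.
    private boolean isPublic() {
        return Modifier.isPublic(field.getModifiers())
                && Modifier.isPublic(field.getDeclaringClass().getModifiers());
    }

    public Object get(final Object target) {
        SecurityManager sm = System.getSecurityManager();
        // Check the caller BEFORE entering privileged code: inside doPrivileged
        // only this library's own protection domain would be consulted.
        if (sm != null && !isPublic()) {
            sm.checkPermission(SUPPRESS);
        }
        // Stand-in for the generated accessor, which reads the member without
        // any language-level access check.
        return AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                try {
                    field.setAccessible(true);
                    return field.get(target);
                } catch (IllegalAccessException e) {
                    throw new IllegalStateException(e);
                }
            }
        });
    }

    static class Sample { private String secret = "constructed sample value"; }

    public static void main(String[] args) throws Exception {
        Field f = Sample.class.getDeclaredField("secret");
        System.out.println(new GuardedFieldAccessor(f).get(new Sample()));
    }
}
```

With a SecurityManager installed and a policy that does not grant ReflectPermission "suppressAccessChecks" to the calling code, get() throws a SecurityException for non-public members instead of returning the value. SecurityManager is deprecated for removal since Java 17, so this applies to JVMs where it is still supported.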