[weld-issues] [JBoss JIRA] Commented: (WELD-813) Assign a known ProtectionDomain to Weld proxies to enable code-source based permissions by a user
Stuart Douglas (JIRA)
jira-events at lists.jboss.org
Thu Dec 30 16:50:17 EST 2010
[ https://issues.jboss.org/browse/WELD-813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572555#comment-12572555 ]
Stuart Douglas commented on WELD-813:
-------------------------------------
https://github.com/weld/core/pull/96
> Assign a known ProtectionDomain to Weld proxies to enable code-source based permissions by a user
> -------------------------------------------------------------------------------------------------
>
> Key: WELD-813
> URL: https://issues.jboss.org/browse/WELD-813
> Project: Weld
> Issue Type: Bug
> Reporter: Sivakumar Thyagarajan
> Assignee: Stuart Douglas
> Fix For: 1.1.0.Final
>
>
> I am investigating if we can atleast have a user-level workaround for the Security Manager issue (WELD-32 and corresponding GlassFish issue http://java.net/jira/browse/GLASSFISH-15078) as that may not be fixed in 1.1.0.Final.
> The Weld-generated proxies uses the default ProtectionDomain [1], as the proxies are generated using ClassLoader.defineClass(String name, byte[] b, int off, int len). This prevents a user specify an application specific permission grant to get Weld working in a SM, and having to provide the suppressAccessChecks Permission for all classes.
> Please consider modifying defining the generated proxy to use a known PD (such as the PD of the proxied Class or some other known PD/CodeSource), to enable users to provide explicit Permissions for Weld generated proxies
> [1] https://github.com/weld/core/blob/master/impl/src/main/java/org/jboss/weld/bean/proxy/ProxyFactory.java#L392
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the weld-issues
mailing list