Uploaded image for project: 'CDI Specification Issues'
  1. CDI Specification Issues
  2. CDI-699

AnnotationLiteral should use privileged actions for reflective operations

    XMLWordPrintable

Details

    Description

      Currently, if an application declares its own literal which extends AnnotationLiteral and is run with SecurityManager enabled, some methods might lead to SecurityException (e.g. AnnotationLiteral.getMembers() called in constructor requires accessDeclaredMembers permission). The only possible fix seems to be to grant the permission to the deployment/application which is not very convenient. If privileged actions were used, the app server could grant the permissions to the provided CDI API module only.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. WELD-2496 org.jboss.weld.literal.BeforeDestroyedLiteral may fail to initialize with a security manager

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is related to

          Feature Request - Feature requests from customers and/or users CDI-486 Define security constraints for using CDI SPI

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              asabotdu@redhat.com Antoine Sabot-Durand (Inactive)
              mkouba@redhat.com Martin Kouba
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: