Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-813

Assign a known ProtectionDomain to Weld proxies to enable code-source based permissions by a user

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.1.0.CR4
    • None
    • None
    • None

    Description

      I am investigating if we can atleast have a user-level workaround for the Security Manager issue (WELD-32 and corresponding GlassFish issue http://java.net/jira/browse/GLASSFISH-15078) as that may not be fixed in 1.1.0.Final.

      The Weld-generated proxies uses the default ProtectionDomain [1], as the proxies are generated using ClassLoader.defineClass(String name, byte[] b, int off, int len). This prevents a user specify an application specific permission grant to get Weld working in a SM, and having to provide the suppressAccessChecks Permission for all classes.

      Please consider modifying defining the generated proxy to use a known PD (such as the PD of the proxied Class or some other known PD/CodeSource), to enable users to provide explicit Permissions for Weld generated proxies

      [1] https://github.com/weld/core/blob/master/impl/src/main/java/org/jboss/weld/bean/proxy/ProxyFactory.java#L392

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            sivakumart_jira Sivakumar Thyagarajan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: