Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
I am investigating if we can atleast have a user-level workaround for the Security Manager issue (WELD-32 and corresponding GlassFish issue http://java.net/jira/browse/GLASSFISH-15078) as that may not be fixed in 1.1.0.Final.
The Weld-generated proxies uses the default ProtectionDomain [1], as the proxies are generated using ClassLoader.defineClass(String name, byte[] b, int off, int len). This prevents a user specify an application specific permission grant to get Weld working in a SM, and having to provide the suppressAccessChecks Permission for all classes.
Please consider modifying defining the generated proxy to use a known PD (such as the PD of the proxied Class or some other known PD/CodeSource), to enable users to provide explicit Permissions for Weld generated proxies