Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3487

JNDI lookups should be executed in a clean access control context

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 9.0.0.Alpha1
    • Component/s: Naming
    • Labels:
      None

      Description

      This is only relevant when running under a security manager.

      When doing a JNDI lookup the getReference() call to obtain the underlying value should be done in a clean access control context, so the privileges of the caller code to not affect the result of the lookup.

      If it is intended that the caller code cannot lookup the bound object this should be enforced using name based JNDI permissions.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                swd847 Stuart Douglas
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: