  1. WildFly
  2. WFLY-442

Review of AccessController and PrivilegedAction use across the application server.


Details

    Description

      The following needs reviewing across AS7:

      • On-demand instantiation of PrivilegedActions where singletons would suffice (consider frequency of calls; GC may be preferable).
      • Use of AccessController even though there is no SecurityManager set.
      • Code duplication: in every case I have seen so far, the code is the same regardless of whether it is PRIVILEGED or NON_PRIVILEGED.
      • Utility methods with visibility too high.
      • In-depth review of the other methods, i.e. if the first thing a public method does is set the class loader based on a parameter passed in, it could be used badly - it may even be a justification for that method to NOT use a PrivilegedAction.
      • Code that requires to be executed using a PrivilegedAction should also be double checked that it is not doing too much as the identity of the caller.
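
One shape the points above lead to, as an added example that is not part of the issue or of WildFly's code; the class `ContextClassLoaderActions` and its method names are hypothetical. It keeps the stateless action as a singleton, skips AccessController when no SecurityManager is set, shares one code path for both cases, and limits visibility to the package.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper, not WildFly code: final, non-instantiable, package-private.
final class ContextClassLoaderActions {
    private ContextClassLoaderActions() { }

    // Stateless action held as a singleton instead of being allocated on every call.
    private enum GetTccl implements PrivilegedAction<ClassLoader> {
        INSTANCE;
        @Override
        public ClassLoader run() {
            return Thread.currentThread().getContextClassLoader();
        }
    }

    // Package-private so code outside this package cannot borrow our privileges.
    static ClassLoader getContextClassLoader() {
        if (System.getSecurityManager() == null) {
            // No SecurityManager set: no permission check occurs, skip AccessController.
            return Thread.currentThread().getContextClassLoader();
        }
        return AccessController.doPrivileged(GetTccl.INSTANCE);
    }

    // The loader comes from the caller, so this must never be public:
    // a public version would let any caller swap the TCCL with our permissions.
    static void setContextClassLoader(final ClassLoader loader) {
        final Thread thread = Thread.currentThread();
        if (System.getSecurityManager() == null) {
            thread.setContextClassLoader(loader);
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                // Only the permission-checked call runs privileged, nothing more.
                thread.setContextClassLoader(loader);
                return null;
            }
        });
    }

    public static void main(String[] args) {
        ClassLoader previous = getContextClassLoader();
        setContextClassLoader(ContextClassLoaderActions.class.getClassLoader());
        try {
            System.out.println("TCCL is now " + getContextClassLoader());
        } finally {
            setContextClassLoader(previous); // always restore the caller's loader
        }
    }
}
```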


            People

              Unassigned Unassigned
              darran.lofthouse@redhat.com Darran Lofthouse