Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
The ClientHttpEngineBuilder43.build() loads the ClientConfigProvider via a service loader. This is not done in a privileged action requiring users to explicitly add permissions. The service loader iteration should happen in a privileged action to avoid the user having to add overly verbose file permissions.
Snippet
Iterator clientConfigProviderIterator = ServiceLoader.load(ClientConfigProvider.class).iterator(); ... // Fails here } else if (clientConfigProviderIterator.hasNext()) { // delegate creation of socket to ClientConfigProvider implementation final ClientConfigProvider configProvider = ((ClientConfigProvider) clientConfigProviderIterator.next());
Attachments
Issue Links
- is incorporated by
-
WFLY-17404 Upgrade RESTEasy to 6.2.2.Final
-
- Closed
-
