  1. PicketBox
  2. SECURITY-778

DelegatingPolicy should delegate refresh()

Details

    • Enhancement
    • Resolution: Unresolved
    • Optional
    • None
    • None
    • PicketBox

    Description

      DelegatingPolicy delegates non-JACC permissions to the java.security.Policy (or subclass) object.
      It delegates the getPermissions() and implies() methods, but not the refresh() method.

      This is bad, because DelegatingPolicy is used by default in current WildFly, and applications that assume a standard policy provider and use a normal security policy file will not refresh policies from the file.

      Yes, a user application can bypass it by using

      ((DelegatingPolicy) Policy.getPolicy()).getPolicyProxy().refresh();

      but this requires having "org.picketbox" in the dependencies, so the application depends on picketlink, or is incompatible...

      This is illustrated by a patch to my policy-switching JBoss extension: before the patch it works only without picketlink, after the patch it works only with picketlink:
      https://github.com/honza889/jsm-policy-subsystem/commit/f2fb420b43ac3eedbe5acde32762042e095189d6#diff-998db8f249fa4f686067810e0c894afeL41

      This should be resolved by this one line in the DelegatingPolicy class:

         public void refresh()
         {
               delegate.refresh();
         }
      

      Thanks

      More information about DelegatingPolicy:
      https://community.jboss.org/wiki/DelegatingPolicy
      https://github.com/picketbox/picketbox-container/blob/e8dfc3e8306cdbd2329de2dc73bfa8fd61eca6cd/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/jacc/DelegatingPolicy.java#L219
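
The effect described in this issue, as an added example that is not part of the original report and is not PicketBox code: a wrapper that forwards only getPermissions() and implies() inherits the no-op java.security.Policy.refresh(), so a grant removed from the underlying policy stays in force after a reload request. ReloadablePolicy, ForwardingPolicy and RefreshingPolicy are hypothetical stand-ins, and the "policy file" is simulated in memory.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;

public class RefreshDelegationDemo {
    /** Hypothetical stand-in for a file-backed policy: edits take effect only on refresh(). */
    static class ReloadablePolicy extends Policy {
        private Permissions onDisk = new Permissions();  // constructed "policy file" contents
        private Permissions loaded = new Permissions();  // what permission checks actually use
        void rewriteFile(Permission... grants) {
            onDisk = new Permissions();
            for (Permission g : grants) onDisk.add(g);
        }
        @Override public void refresh() { loaded = onDisk; }
        @Override public boolean implies(ProtectionDomain d, Permission p) { return loaded.implies(p); }
        @Override public PermissionCollection getPermissions(ProtectionDomain d) { return loaded; }
    }

    /** Forwards getPermissions() and implies() only; refresh() stays Policy's default no-op. */
    static class ForwardingPolicy extends Policy {
        protected final Policy delegate;
        ForwardingPolicy(Policy delegate) { this.delegate = delegate; }
        @Override public boolean implies(ProtectionDomain d, Permission p) { return delegate.implies(d, p); }
        @Override public PermissionCollection getPermissions(ProtectionDomain d) { return delegate.getPermissions(d); }
    }

    /** Same wrapper with the one-method change proposed in the issue. */
    static class RefreshingPolicy extends ForwardingPolicy {
        RefreshingPolicy(Policy delegate) { super(delegate); }
        @Override public void refresh() { delegate.refresh(); }
    }

    /** Grant a permission, revoke it in the "file", refresh via the wrapper; is it still granted? */
    static boolean stillGrantedAfterRevocation(boolean delegateRefresh) {
        Permission p = new RuntimePermission("constructed.sample.permission");
        ReloadablePolicy file = new ReloadablePolicy();
        file.rewriteFile(p);
        file.refresh();                       // initial load: p is granted
        Policy installed = delegateRefresh ? new RefreshingPolicy(file) : new ForwardingPolicy(file);
        file.rewriteFile();                   // administrator removes the grant
        installed.refresh();                  // application asks for a reload through the wrapper
        return installed.implies(null, p);
    }

    public static void main(String[] args) {
        System.out.println("refresh() not delegated, revoked grant still active: " + stillGrantedAfterRevocation(false));
        System.out.println("refresh() delegated, revoked grant still active:     " + stillGrantedAfterRevocation(true));
    }
}
```

java.security.Policy is deprecated for removal in recent JDKs, so the compiler emits deprecation warnings for this class.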

          People

            Unassigned Unassigned
            jkalina@redhat.com Jan Kalina (Inactive)