Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3487

JNDI lookups should be executed in a clean access control context

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 9.0.0.Alpha1
    • Component/s: Naming
    • Labels:
      None

      Description

      This is only relevant when running under a security manager.

      When doing a JNDI lookup the getReference() call to obtain the underlying value should be done in a clean access control context, so the privileges of the caller code to not affect the result of the lookup.

      If it is intended that the caller code cannot lookup the bound object this should be enforced using name based JNDI permissions.

        Attachments

          Activity

            People

            Assignee:
            swd847 Stuart Douglas
            Reporter:
            swd847 Stuart Douglas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: