Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3487

JNDI lookups should be executed in a clean access control context

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 9.0.0.Alpha1
    • None
    • Naming
    • None

    Description

      This is only relevant when running under a security manager.

      When doing a JNDI lookup the getReference() call to obtain the underlying value should be done in a clean access control context, so the privileges of the caller code to not affect the result of the lookup.

      If it is intended that the caller code cannot lookup the bound object this should be enforced using name based JNDI permissions.

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            sdouglas1@redhat.com Stuart Douglas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: