glassfish
  1. glassfish
  2. GLASSFISH-17747

Weld / JSF Is Not Working Without java.lang.reflect.ReflectPermission suppressAccessChecks

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2
    • Component/s: security
    • Labels:
      None
    • Environment:

      All

      Description

      J2EESecurityManager has an implicit permission which is not specified in the server.policy:

      "class java.net.SocketPermission => java.net.SocketPermissionCollection@2b4b8486 (
      ("java.net.SocketPermission" "localhost:1024-" "listen,resolve")
      )
      "

      Is is impossible (how to remove the permission above?) to prevent Java EE applications from opening sockets:

      SecurityManager security = System.getSecurityManager();
      security.checkListen(4242);
      or
      ServerSocket serverSocket = new ServerSocket(4242);

      can be executed without an explicit permission in server.policy.

        Activity

        Hide
        abien added a comment -

        I'm neither able to edit, nor delete this issue. Please remove it

        Show
        abien added a comment - I'm neither able to edit, nor delete this issue. Please remove it
        Hide
        Nithya Ramakrishnan added a comment -

        Closing, as per the user's last comment, since this is not an issue

        Show
        Nithya Ramakrishnan added a comment - Closing, as per the user's last comment, since this is not an issue

          People

          • Assignee:
            kumarjayanti
            Reporter:
            abien
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: