Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-31244

Use code source checks to allow classes loaded form known jars to get the portal class loader or get/set bean properties without any security check

    Details

      Description

      Classes loaded from portal-impl.jar and portal-service.jar should not induce a security check to get the portal class loader. Furthermore, classes in portal-impl.jar should use an "internal" class loader util to also avoid the check by the parent security manager that is invoked even when PortalSecurityManagerThreadLocal is disabled such as in PACLClassLoaderUtil's getClassLoader().

      We can also use the same technique for get/set bean properties checks, since a lot of our internal classes use introspection.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              brian.chan Brian Chan
              Reporter:
              zsolt.berentey Zsolt Berentey (Inactive)
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                8 years, 2 weeks ago

                  Packages

                  Version Package
                  6.1.2 CE GA3
                  6.1.30 EE GA3
                  6.2.0 CE M3