Details

      Description

      It's going to be impossible to account for all the possible java.security.Permission implementations out in the wild (or even all those in the JVM).

      In order to provide an avenue for developers to get around this scenario we will provide a mechanism that allows the plugin to include a real java policy file (using standard syntax http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html ).

      First, I propose that the contract for use of this embedded policy file be that it can only define rules which are in no way accounted for in PACL.

      Secondly, using java.security.AllPermission is strictly forbidden and will be rejected by the initialization process.

      The standard location for such policy file will be:

      /WEB-INF/java.policy

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              justin.choi Justin Choi (Inactive)
              Reporter:
              raymond.auge Raymond Auge
              Recent user:
              Enterprise Release HU
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 11 weeks, 3 days ago

                  Packages

                  Version Package
                  6.1.2 CE GA3
                  6.1.30 EE GA3
                  6.2.0 CE M5