[FELIX-1285] SecureAction captures the calling context incorrectly - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: framework-1.8.1
Fix Version/s: framework-2.0.0
Component/s: Framework
Labels:
None

Description

In SecureAction we capture the calling context for optimization purposes, but the context captures the current stack no matter who is on the stack. Since the whole point of SecureAction is to allow the framework to perform sensitive operations without worrying about who is on the call stack, this seems to be a bug since there could be someone with lower privileges on the stack. I think we need to capture the calling context inside a privileged block.

Attachments

Activity

People

Assignee:: Richard S. Hall

Reporter:: Richard S. Hall

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 29/Jun/09 20:04

Updated:: 30/Jun/09 20:04

Resolved:: 30/Jun/09 20:04