1 Reply Latest reply: Jan 10, 2011 8:54 AM by Thomas Diesler RSS

Fragments do not have a seperate ProtectionDomain

Thomas Diesler Master

The spec says

 

Fragments are bundles that can be attached to one or more host bundles by the Framework. Attaching is done as part of resolving: the Framework appends the relevant definitions of the fragment bundles to the host's definitions before the host is resolved. Fragments are therefore treated as part of the host, including any permitted headers; they must not have their own class loader though fragments must have their own Protection Domain.

 

Currently, we add content root entries for every attached fragment. The PD can be obtained from a defined class.

 

Any idea how to model this with jboss-modules?

  • 1. Fragments do not have a seperate ProtectionDomain
    Thomas Diesler Master

    (02:50:36 PM) dmlloyd: tdiesler: resource roots already have their own protection domains.

    (02:50:43 PM) dmlloyd: so it should already be correct

    (02:51:11 PM) dmlloyd: that way, someone can't gain privileges by sticking their JAR alongside a privileged module's JAR

    (02:52:25 PM) dmlloyd: tdiesler, if you're defining your own resource loader, the relevant method call is ClassSpec.setCodeSource()