You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Mark Hanson (Jira)" <ji...@apache.org> on 2019/12/30 18:51:09 UTC

[jira] [Closed] (GEODE-7396) JavaBeanAccessorMethodAuthorizer does not authorize methods on java.io classes

     [ https://issues.apache.org/jira/browse/GEODE-7396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Hanson closed GEODE-7396.
------------------------------

Transition from Resolved to Closed for Apache Geode 1.11.0 RC4 release.

> JavaBeanAccessorMethodAuthorizer does not authorize methods on java.io classes
> ------------------------------------------------------------------------------
>
>                 Key: GEODE-7396
>                 URL: https://issues.apache.org/jira/browse/GEODE-7396
>             Project: Geode
>          Issue Type: Bug
>          Components: querying, security
>            Reporter: Donal Evans
>            Assignee: Donal Evans
>            Priority: Major
>              Labels: GeodeCommons
>             Fix For: 1.11.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> The following test failed using an authorizer with java.lang and java.io packages specified as allowed. It's unclear at this time if the problem is related specifically to the java.io package or if it is a problem with how the JavaBeanAccessorMethodAuthorizer handles multiple parameters.
>  {noformat} 
> @Test
>   public void test() throws NoSuchMethodException {
>     Method disallowedJavaIOMethod = File.class.getMethod("getPath");
>     assertThat(authorizerWithStringAndIOPackageSpecified.authorize(allowedJavaIOMethod, new File(""))).isTrue();
>   } 
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)