-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loading of service provider implementations needs to be done under doPriviledge #94
Comments
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=github-actions[bot] a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Loading of service provider implementations should be done on a privileged block. It will add the ability to the caller to invoke the API in a different protection domain and don't propagate the permissions check to the application source code.
That will allow the Application Servers to trust on the API code removing the need to add the required permissions by the users.
This can be reproducible with WildFly by deploying a simple servlet that sends an email when the security manager is enabled.
To Reproduce
Deploy a servlet that tries to send an email in WildFly with the security manager enabled:
Expected behavior
I wouldn't expect to have to add permissions to my application to load the Angus activation Jar file.
The text was updated successfully, but these errors were encountered: