1 Reply Latest reply on Jan 10, 2011 8:54 AM by thomas.diesler

    Fragments do not have a separate ProtectionDomain

    thomas.diesler

      The spec says

       

      Fragments are bundles that can be attached to one or more host bundles by the Framework. Attaching is done as part of resolving: the Framework appends the relevant definitions of the fragment bundles to the host's definitions before the host is resolved. Fragments are therefore treated as part of the host, including any permitted headers; they must not have their own class loader though fragments must have their own Protection Domain.

       

      Currently, we add content root entries for every attached fragment. The PD can be obtained from a defined class.

       

      Any idea how to model this with jboss-modules?

        • 1. Fragments do not have a separate ProtectionDomain
          thomas.diesler

          (02:50:36 PM) dmlloyd: tdiesler: resource roots already have their own protection domains.

          (02:50:43 PM) dmlloyd: so it should already be correct

          (02:51:11 PM) dmlloyd: that way, someone can't gain privileges by sticking their JAR alongside a privileged module's JAR

          (02:52:25 PM) dmlloyd: tdiesler, if you're defining your own resource loader, the relevant method call is ClassSpec.setCodeSource()
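
The arrangement discussed in this thread (one class loader shared by host and fragment, with a separate protection domain per content root) can be shown with the JDK alone. This is an added example, not code from the thread or from jboss-modules: it uses `java.security.SecureClassLoader` rather than the `ClassSpec.setCodeSource()` call named in the reply, and the class names and `file:` URLs are constructed for illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

public class FragmentDomains {
    // Stand-ins for a class from the host root and one from a fragment root.
    public static class HostType {}
    public static class FragmentType {}

    /** One loader for host and fragment; the CodeSource is chosen per content root. */
    static final class RootAwareLoader extends SecureClassLoader {
        RootAwareLoader() {
            super(null); // no delegation to the application loader
        }

        Class<?> defineFrom(Class<?> template, URL root) throws Exception {
            String name = template.getName();
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = template.getClassLoader().getResourceAsStream(path)) {
                byte[] bytes = in.readAllBytes();
                // The CodeSource location identifies the root the bytes came from.
                CodeSource cs = new CodeSource(root, (Certificate[]) null);
                // SecureClassLoader maps each distinct CodeSource to its own ProtectionDomain.
                return defineClass(name, bytes, 0, bytes.length, cs);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed locations; nothing is read from these paths.
        URL hostRoot = URI.create("file:/constructed/host.jar").toURL();
        URL fragmentRoot = URI.create("file:/constructed/fragment.jar").toURL();

        RootAwareLoader loader = new RootAwareLoader();
        Class<?> host = loader.defineFrom(HostType.class, hostRoot);
        Class<?> fragment = loader.defineFrom(FragmentType.class, fragmentRoot);

        // The PD is obtained from a defined class, as the original post notes.
        ProtectionDomain hostPd = host.getProtectionDomain();
        ProtectionDomain fragmentPd = fragment.getProtectionDomain();

        System.out.println("same class loader: " + (host.getClassLoader() == fragment.getClassLoader()));
        System.out.println("same protection domain: " + (hostPd == fragmentPd));
        System.out.println("host code source: " + hostPd.getCodeSource().getLocation());
        System.out.println("fragment code source: " + fragmentPd.getCodeSource().getLocation());
    }
}
```

Because permissions are evaluated against each class's own protection domain, a policy grant keyed on the host's code source location does not extend to classes defined from the fragment's location, even though both share a loader.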