[ https://issues.apache.org/jira/browse/GROOVY-5116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jochen Theodorou resolved GROOVY-5116.
--------------------------------------
      Assignee: Jochen Theodorou
    Resolution: Won't Fix

I think it is fair to close this issue. GroovyMain is not a suitable entry 
point for anything but the commandline groovy scripts. 

> Groovy enforces the use of the dangerous permission 
> java.util.PropertyPermission "*" "read,write" when using a SecurityManager
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GROOVY-5116
>                 URL: https://issues.apache.org/jira/browse/GROOVY-5116
>             Project: Groovy
>          Issue Type: Improvement
>          Components: groovy-runtime
>    Affects Versions: 1.8.3
>            Reporter: Benjamin Wolff
>            Assignee: Jochen Theodorou
>            Priority: Major
>              Labels: contrib
>
> In several occurrences in the code, the system properties are accessed in 
> this manner:
> groovy.grape.Grape.java
> {code}
> private static boolean enableGrapes =
>     Boolean.valueOf(System.getProperties().getProperty("groovy.grape.enable", "true"));
> {code}
> The use of System.getProperties() forces the use of this permission in the 
> SecurityManager:
> {noformat}java.util.PropertyPermission "*" "read,write"{noformat}
> This is not really desired in security sensitive environments. It is not 
> possible to use more fine-grained permission declaration like e.g.:
> {noformat}java.util.PropertyPermission "groovy.*" "read,write"{noformat}
> This problem could be easily avoided by accessing the properties in this 
> manner:
> {code}
> private static boolean enableGrapes = 
> Boolean.valueOf(System.getProperty("groovy.grape.enable", "true"));
> {code}
> Without the use of System.getProperties() it is not mandatory to set the 
> dangerous write permission on all system properties and more fine-grained 
> security permissions like in the example could be used.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
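
The permission difference described in the issue, as an added example that is not part of the original message or of the Groovy code base. It evaluates constructed policy grants with PermissionCollection.implies() instead of installing a SecurityManager, so it also runs on JDKs where the SecurityManager is disabled; the class name, helper names and the sample grants are assumptions made for illustration.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

public class PropertyPermissionCheck {

    // System.getProperties() calls SecurityManager.checkPropertiesAccess(),
    // which demands read and write on every property.
    static Permission demandedByGetProperties() {
        return new PropertyPermission("*", "read,write");
    }

    // System.getProperty(key) calls SecurityManager.checkPropertyAccess(key),
    // which demands read on that one key only.
    static Permission demandedByGetProperty(String key) {
        return new PropertyPermission(key, "read");
    }

    // Constructed stand-in for a single policy-file grant.
    static PermissionCollection grant(String name, String actions) {
        Permissions granted = new Permissions();
        granted.add(new PropertyPermission(name, actions));
        return granted;
    }

    public static void main(String[] args) {
        Map<String, PermissionCollection> policies = new LinkedHashMap<>();
        policies.put("\"groovy.*\" \"read,write\"", grant("groovy.*", "read,write"));
        policies.put("\"groovy.*\" \"read\"", grant("groovy.*", "read"));
        policies.put("\"*\" \"read,write\"", grant("*", "read,write"));

        // One key inside the groovy.* namespace, one outside it.
        String[] keys = {"groovy.grape.enable", "user.home"};

        for (Map.Entry<String, PermissionCollection> entry : policies.entrySet()) {
            PermissionCollection granted = entry.getValue();
            System.out.println("grant PropertyPermission " + entry.getKey());
            System.out.println("  System.getProperties() allowed: "
                    + granted.implies(demandedByGetProperties()));
            for (String key : keys) {
                System.out.println("  System.getProperty(\"" + key + "\") allowed: "
                        + granted.implies(demandedByGetProperty(key)));
            }
        }
    }
}
```

Only the `"*" "read,write"` grant satisfies the check made by System.getProperties(), while either `groovy.*` grant is enough for the single-key lookup and still denies keys outside that namespace.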
