WW-5439 Move DevMode security configuration to SecurityMemberAccess #979
Conversation
kusalk
force-pushed
the
WW-5439-fix-dev-mode
branch
4 times, most recently
from
03ece5c
to
f6cb249
Compare
| } | ||
|
|
||
| private void useDevModeConfiguration() { | ||
| if (!isDevMode || isDevModeInit) { |
There was a problem hiding this comment.
The isDevModeInit check isn't thread-safe but it doesn't need to be as there's no negative consequence of running this method more than once when DevMode is enabled.
| Foo foo = new Foo(); | ||
|
|
||
| Exception expected = null; | ||
| try { | ||
| ognlUtil.setExcludedClasses(Runtime.class.getName()); |
There was a problem hiding this comment.
The exclusion list isn't checked here as it's already blocked by the static method check
| @@ -1166,9 +1171,11 @@ public void testAvoidCallingMethodsOnObjectClass() { | |||
| public void testAllowCallingMethodsOnObjectClassInDevModeTrue() { | |||
| Exception expected = null; | |||
| try { | |||
| ognlUtil.setExcludedClasses(Foo.class.getName()); | |||
There was a problem hiding this comment.
These methods don't do anything, so we inject the configuration instead
kusalk
force-pushed
the
WW-5439-fix-dev-mode
branch
from
f6cb249
to
af9aa1b
Compare
kusalk
force-pushed
the
WW-5439-fix-dev-mode
branch
from
af9aa1b
to
81b4943
Compare
|
kusalk
changed the title
WW-5439
I noticed that after my previous refactor of
SecurityMemberAccess- the devMode security configuration stopped working as I happened to break the test for it too.To be fair, this capability is probably not too useful anymore from 7.0, given the allowlist is enabled by default and that has no DevMode allowances.
However, we should still fix this feature for now and we can consider a better solution if necessary later.