[
https://issues.apache.org/jira/browse/OWB-496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997619#comment-12997619
]
Gerhard Petracek commented on OWB-496:
--------------------------------------
i agree with mark. it looks quite strange and leads to many questions.
we also talked about introducing a spi for not forcing the usage of SecurityUtil
furthermore, in wls just the old version works correctly.
the rest works without problems -> i don't think it's a security issue.
> Don't replace the ProxyFactory classloaderProvider without the intention to
> do so
> ---------------------------------------------------------------------------------
>
> Key: OWB-496
> URL: https://issues.apache.org/jira/browse/OWB-496
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Context and Scopes
> Affects Versions: 1.1.0
> Reporter: David Jencks
> Assignee: Gurkan Erdogdu
> Fix For: 1.1.0
>
>
> Currently JavassistProxyFactory.getProxyClass() replaces the
> ProxyFactory.classloaderProvider on any exception with a classloaderProvider
> that is very unlikely to work better than the default. Setting the
> classLoaderProvider should be a matter of intentional configuration, not
> flailing around after an unexpected exception.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
