Hi,

I'm having trouble upgrading a web application running under medium trust from 2.9.4 to 3.0.3. Code that previously worked now throws a SecurityException.

[SecurityException: Request for the permission of type 
'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, 
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   Lucene.Net.Support.WeakKey`1..ctor(T key) +0
   Lucene.Net.Support.WeakDictionary`2.get_Item(TKey key) +113
   Lucene.Net.Util.DefaultAttributeFactory.GetClassForInterface() +178
   Lucene.Net.Util.DefaultAttributeFactory.CreateAttributeInstance() +95
   Lucene.Net.Util.AttributeSource.AddAttribute() +375
   Lucene.Net.Analysis.CharTokenizer..ctor(TextReader input) +126
   Lucene.Net.Analysis.WhitespaceTokenizer..ctor(TextReader in) +37


The DefaultAttributeFactory, via WeakReference, requires SecurityPermissionFlag.UnmanagedCode which is not present under medium trust. There's an AttributeFactory.DEFAULT_ATTRIBUTE_FACTORY which I could to replace the DefaultAttributeFactory, but it's readonly. I'm rewriting my code to call the constructor overload (on tokenizers) accepting an AttributeFactory, but this means that I cannot use any existing Analyzer since they don't provide an extension points to change the AttributeFactory.

Is medium trust [using default classes] dropped in 3.0.3, or is this something we've missed?

// Simon

Reply via email to