Carl Harris commented on Improvement LOGBACK-836

Agree it's a worthwhile enhancement.

However, the approach used in the pull request, while simple and straightforward, is a bit of a maintenance hazard. It would be easy to neglect the call to checkPermission as the logger context and logger implementations are evolved, and this could easily introduce "holes" in the intended security model.

Perhaps a better approach would be to allow the LoggerContext or Logger to be wrapped in a proxy that looks at the incoming method invocation and determines whether a security check is needed before allowing the call to proceed to the target object. This approach would also allow the security checks to be completely excluded in environments that don't need it.

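
The proxy approach proposed in the comment above, shown with `java.lang.reflect.Proxy` as an added example (not code from the pull request, the commenter, or logback). `ManagedContext`, `@Unguarded`, `ContextPermission` and the pluggable `checker` are hypothetical names, and the example assumes a fail-closed rule: every method is checked unless marked `@Unguarded`, so a method added later is guarded by default.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.security.*;
import java.util.function.Consumer;

public class GuardedContextDemo {
    // Hypothetical marker for methods that are safe to call without a check.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Unguarded {}

    // Hypothetical stand-in for the context's public surface (not logback's API).
    interface ManagedContext {
        @Unguarded String getName();
        void reset();
        void stop();
    }

    static final class ContextPermission extends BasicPermission {
        ContextPermission(String name) { super(name); }
    }

    // Wraps target so every call passes through one place that decides on the check.
    static <T> T guard(T target, Class<T> iface, Consumer<Permission> checker) {
        if (checker == null) return target;   // environment without checks: no proxy at all
        InvocationHandler h = (proxy, method, args) -> {
            boolean open = method.getDeclaringClass() == Object.class
                    || method.isAnnotationPresent(Unguarded.class);
            if (!open) checker.accept(new ContextPermission(method.getName()));
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();           // rethrow the target's own exception
            }
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, h));
    }

    public static void main(String[] argv) {
        ManagedContext real = new ManagedContext() {
            public String getName() { return "default"; }
            public void reset() { System.out.println("context reset"); }
            public void stop() { System.out.println("context stopped"); }
        };
        // Constructed policy for the demo: the caller holds only "reset".
        Consumer<Permission> policy = p -> {
            if (!p.getName().equals("reset")) throw new SecurityException("denied: " + p.getName());
        };
        ManagedContext ctx = guard(real, ManagedContext.class, policy);
        System.out.println(ctx.getName());
        ctx.reset();
        try { ctx.stop(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

A JDK dynamic proxy can only stand in for an interface, so wrapping a concrete class this way requires extracting an interface first or using a subclass-generating proxy library.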