qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-6363) Fail early if additional SASL providers cannot be registered with the Java Security API
Date Thu, 05 Feb 2015 12:26:34 GMT

     [ https://issues.apache.org/jira/browse/QPID-6363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-6363:
-----------------------------
    Affects Version/s: 0.10
                       0.20
                       0.30

> Fail early if additional SASL providers cannot be registered with the Java Security API
> ---------------------------------------------------------------------------------------
>
>                 Key: QPID-6363
>                 URL: https://issues.apache.org/jira/browse/QPID-6363
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: 0.10, 0.20, 0.30
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: 0.31
>
>
> Registering SASL providers with the Java Security API requires specific SecurityManager permissions. This registration will fail if the JVM's security.policy denies it. This can happen in execution environments such as web containers.
> Currently the SASL registration takes place as a side effect of protocol connection negotiation. If it fails here, it is the IO threads that see the exception, rather than the caller's thread.
> The SASL registration should be moved so that we fail fast, on a thread belonging to the application.
> {noformat}
> Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.AMQSASLProvider-Client)
>        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>        at java.security.AccessController.checkPermission(AccessController.java:546)
>        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
>        at java.security.Provider.check(Provider.java:386)
>        at java.security.Provider.put(Provider.java:309)
>        at org.apache.qpid.client.security.JCAProvider.register(JCAProvider.java:68)
>        at org.apache.qpid.client.security.JCAProvider.<init>(JCAProvider.java:55)
>        at org.apache.qpid.client.security.DynamicSaslRegistrar.registerSaslProviders(DynamicSaslRegistrar.java:89)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<init>(CallbackHandlerRegistry.java:116)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<clinit>(CallbackHandlerRegistry.java:69)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
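
The fail-fast registration the issue asks for, as an added sketch that is not part of the original message and is not Qpid's code. The class, provider, mechanism and factory names are constructed placeholders; it assumes Java 9+ for the Provider constructor used.

```java
import java.security.Provider;
import java.security.Security;

// Added sketch, not Qpid code: every name below is a constructed placeholder.
public final class EagerSaslRegistration {

    static final String PROVIDER_NAME = "DemoSASLProvider-Client";

    // Stand-in for a client-side SASL provider (Java 9+ constructor).
    static final class DemoSaslProvider extends Provider {
        private static final long serialVersionUID = 1L;

        DemoSaslProvider() {
            super(PROVIDER_NAME, "1.0", "Constructed demo SASL provider");
        }

        // Provider.put() is where a SecurityManager checks
        // SecurityPermission "putProviderProperty.<provider name>".
        void addMechanism(String mechanism, String factoryClass) {
            put("SaslClientFactory." + mechanism, factoryClass);
        }
    }

    private static boolean registered;

    // Call from application code (e.g. when the connection factory is built),
    // not from a static initializer or an IO thread, so a denial is seen once
    // on the caller's thread.
    public static synchronized void ensureRegistered() {
        if (registered) {
            return;
        }
        try {
            DemoSaslProvider provider = new DemoSaslProvider();
            provider.addMechanism("DEMO-MECH", "com.example.DemoSaslClientFactory");
            Security.addProvider(provider); // checks "insertProvider"
            registered = true;
        } catch (SecurityException e) { // AccessControlException is a subclass
            throw new IllegalStateException(
                "Security policy denies SASL provider registration for "
                    + PROVIDER_NAME + "; refusing to open connections", e);
        }
    }

    public static void main(String[] args) {
        ensureRegistered();
        System.out.println("registered: " + (Security.getProvider(PROVIDER_NAME) != null));
    }
}
```

Keeping the registration out of a static initializer also avoids the ExceptionInInitializerError and later NoClassDefFoundError that a denial inside `<clinit>` would produce.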
