qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-6363) Fail early if additional SASL providers cannot be registered with the Java Security API
Date Thu, 05 Feb 2015 12:36:34 GMT

     [ https://issues.apache.org/jira/browse/QPID-6363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Keith Wall updated QPID-6363:
    Status: Reviewable  (was: In Progress)

> Fail early if additional SASL providers cannot be registered with the Java Security API
> ---------------------------------------------------------------------------------------
>                 Key: QPID-6363
>                 URL: https://issues.apache.org/jira/browse/QPID-6363
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: 0.10, 0.20, 0.30
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: 0.31
> Registering SASL providers with the Java Security API requires specific SecurityManager
permissions.   This registration will fail if the JVM's security.policy denies it.  This can
happens in execution environments such as web containers.
> Currently the SASL registration takes place as a side effect of protocol connection negotiation.
 If it fails here, it is the IO threads that see the exception, rather than the caller's thread.
> The SASL registration should be moved  so that we fail fast, on a thread belonging to
the application.
> {noformat}
> Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission
>        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>        at java.security.AccessController.checkPermission(AccessController.java:546)
>        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
>        at java.security.Provider.check(Provider.java:386)
>        at java.security.Provider.put(Provider.java:309)
>        at org.apache.qpid.client.security.JCAProvider.register(JCAProvider.java:68)
>        at org.apache.qpid.client.security.JCAProvider.<init>(JCAProvider.java:55)
>        at org.apache.qpid.client.security.DynamicSaslRegistrar.registerSaslProviders(DynamicSaslRegistrar.java:89)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<init>(CallbackHandlerRegistry.java:116)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<clinit>(CallbackHandlerRegistry.java:69)
> {noformat}

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message