1. glassfish
  2. GLASSFISH-20423

JASPIC AuthConfigFactory impl (i.e, BaseAuthConfigFactory) does not make required permission checks


    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0
    • Component/s: security
    • Labels:


      JASPIC MR for release 1.1 clarified AuthConfigFactory implementation related permission checking requirements, for example

      • When a SecurityManager is enabled, before loading the argument
      • provider, and before making any changes to the factory, this method must
      • confirm that the calling access control context has been granted the
      • {@link #providerRegistrationSecurityPermission}

      similar clarifications where added to the following 5 methods

      1. public abstract String
      registerConfigProvider(String className, Map properties, String layer, String appContext, String description);

      2. public abstract String
      registerConfigProvider(AuthConfigProvider, String layer, String appContext, String description);

      3. public abstract boolean
      removeRegistration(String registrationID);

      4. public abstract String[]
      detachListener(RegistrationListener listener, String layer, String appContext);

      5. public abstract void refresh();

      The base class for the Glassfish AuthConfigFactory reference implementation is,

      The following block of code needs to be added at the start of each of BaseAuthConfigFactory's implementatation of the
      above methods.

      SecurityManager sm = System.getSecurityManager();
      if (sm != null) {

      I will attached a proposed diff to this issue

      As as a result of the addition of these permission checks, some programs will
      need to be granted these permissions in order to run with the SecurityManager enabled.

      At the present time tehse interfaces are used predominantly during application deployment
      at which time they are called from container code that is running with AllPermission.


        monzillo created issue -
        JeffTancill made changes -
        Field Original Value New Value
        Assignee JeffTancill [ jefftancill ] quang.dang [ quang.dang ]
        quang.dang made changes -
        Tags 4_0-review
        michael.y.chen made changes -
        Tags 4_0-review 4_0-approved
        quang.dang made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]


          • Assignee:
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: