
[GLASSFISH-20423] JASPIC AuthConfigFactory impl (i.e, BaseAuthConfigFactory) does not make required permission checks Created: 26/Apr/13  Updated: 06/May/13  Resolved: 03/May/13

Status: Resolved
Project: glassfish
Component/s: security
Affects Version/s: None
Fix Version/s: 4.0

Type: Bug Priority: Major
Reporter: monzillo Assignee: quang.dang
Resolution: Fixed Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 4_0-approved
Participants: monzillo and quang.dang

 Description   

JASPIC MR for release 1.1 clarified AuthConfigFactory implementation related permission checking requirements, for example

  • When a SecurityManager is enabled, before loading the argument provider, and before making any changes to the factory, this method must confirm that the calling access control context has been granted the {@link #providerRegistrationSecurityPermission}

Similar clarifications were added to the following 5 methods:

1. public abstract String registerConfigProvider(String className, Map properties, String layer, String appContext, String description);

2. public abstract String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description);

3. public abstract boolean removeRegistration(String registrationID);

4. public abstract String[] detachListener(RegistrationListener listener, String layer, String appContext);

5. public abstract void refresh();

The base class for the Glassfish AuthConfigFactory reference implementation is,
./appserver/security/jaspic-provider-framework/src/main/java/com/sun/jaspic/config/factory/BaseAuthConfigFactory.java

The following block of code needs to be added at the start of each of BaseAuthConfigFactory's implementations of the
above methods.

SecurityManager sm = System.getSecurityManager();
if (sm != null) { sm.checkPermission(AuthConfigFactory.providerRegistrationSecurityPermission); }

I will attach a proposed diff to this issue.

As a result of the addition of these permission checks, some programs will
need to be granted these permissions in order to run with the SecurityManager enabled.

At the present time these interfaces are used predominantly during application deployment,
at which time they are called from container code that is running with AllPermission.
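
The ordering requirement quoted in the description (check before loading the provider and before changing the factory), as an added example that is not GlassFish code or the diff mentioned in this issue. The class names, the simplified method signature, the sample layer and appContext values, and the permission name string are assumptions made for the demonstration.

```java
import java.security.Permission;
import java.security.SecurityPermission;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RegistrationGuardDemo {
    // Stand-in for AuthConfigFactory.providerRegistrationSecurityPermission (name string assumed).
    static final SecurityPermission REGISTRATION_PERMISSION =
            new SecurityPermission("setProperty.authconfigfactory.provider");
    static final Map<String, Object> registrations = new ConcurrentHashMap<>();
    static volatile boolean providerInitialized = false;

    // Constructed sample provider; its static initializer records that the class was loaded.
    public static class SampleProvider {
        static { providerInitialized = true; }
    }

    // The block from the issue, factored into one helper.
    static void checkRegistrationPermission() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) { sm.checkPermission(REGISTRATION_PERMISSION); }
    }

    static String registerConfigProvider(String className, String layer, String appContext)
            throws ReflectiveOperationException {
        checkRegistrationPermission(); // first statement: nothing is loaded or changed before it
        Object provider = Class.forName(className).getDeclaredConstructor().newInstance();
        String registrationID = layer + "|" + appContext;
        registrations.put(registrationID, provider);
        return registrationID;
    }

    // Needs a JDK that can install a SecurityManager (17 or earlier; 18-23 with -Djava.security.manager=allow).
    public static void main(String[] args) throws Exception {
        String name = RegistrationGuardDemo.class.getName() + "$SampleProvider";
        System.setSecurityManager(new SecurityManager() {
            @Override public void checkPermission(Permission p) { // constructed policy: deny only this one
                if (REGISTRATION_PERMISSION.equals(p)) { throw new SecurityException(p.getName()); }
            }
        });
        try {
            registerConfigProvider(name, "HttpServlet", "server /app"); // constructed sample values
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("provider class initialized: " + providerInitialized);
        System.out.println("registrations: " + registrations.size());
    }
}
```

If the check is moved below the `Class.forName` line, the same run still refuses the registration but reports the provider class as initialized, which is the side effect the clarified wording rules out.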



 Comments   
Comment by monzillo [ 26/Apr/13 08:59 PM ]

removed proposed resolution (i.e., diff) as it was reformatted and became incomprehensible.

Comment by quang.dang [ 01/May/13 02:23 PM ]
  • What is the impact on the customer of the bug?

This is to satisfy the permission checking requirements for the AuthConfigFactory impl in
JASPIC MR for release 1.1. It is not a regression.

  • What is the cost/risk of fixing the bug?

The fix is not complicated and requires not much work. However, running the relevant tests with the security manager enabled will take some time. This might be a medium risk fix and would only affect the env where the security manager is turned on.

  • Is there an impact on documentation or message strings?
    No
  • Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
    JASPIC related tests with the security manager enabled
  • Which is the targeted build of 4.0 for this fix?
    1.0_b88
Comment by quang.dang [ 03/May/13 08:14 PM ]

/branches/4.0/appserver/security/jaspic-provider-framework/src/main/java/com/sun/jaspic/config/factory/BaseAuthConfigFactory.java
Rev. 61823

Comment by quang.dang [ 06/May/13 04:28 PM ]

trunk Rev. 61847
appserver/security/jaspic-provider-framework/src/main/java/com/sun/jaspic/config/factory/BaseAuthConfigFactory.java

Generated at Thu Apr 24 15:50:11 UTC 2014 using JIRA 4.0.2#472.