[jira] Commented: (HADOOP-6452) Hadoop JSP pages don't work under a security manager

Steve Loughran (JIRA) Mon, 21 Dec 2009 06:34:48 -0800

    [ 
https://issues.apache.org/jira/browse/HADOOP-6452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793214#action_12793214
 ]


Steve Loughran commented on HADOOP-6452:
----------------------------------------

I have a test for this, this is the test failure you get before the patch to 
ConfiguredPolicy is applied 
{code}
Testsuite: org.apache.hadoop.security.authorize.TestConfiguredPolicy
Tests run: 3, Failures: 0, Errors: 1, Time elapsed: 0.532 sec
------------- Standard Output ---------------
2009-12-21 14:30:00,089 WARN  conf.Configuration 
(Configuration.java:<clinit>(347)) - DEPRECATED: hadoop-site.xml found in the 
classpath. Usage of hadoop-site.xml is deprecated. Instead use core-site.xml, 
mapred-site.xml and hdfs-site.xml to override properties of core-default.xml, 
mapred-default.xml and hdfs-default.xml respectively
2009-12-21 14:30:00,265 INFO  authorize.ServiceAuthorizationManager 
(ServiceAuthorizationManager.java:run(92)) - Authorization failed for joe,users
java.security.AccessControlException: access denied 
ConnectionPermission(org.apache.hadoop.security.authorize.TestConfiguredPolicy$Protocol2)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at 
java.security.AccessController.checkPermission(AccessController.java:546)
        at 
org.apache.hadoop.security.authorize.ServiceAuthorizationManager$1.run(ServiceAuthorizationManager.java:89)
        at 
org.apache.hadoop.security.authorize.ServiceAuthorizationManager$1.run(ServiceAuthorizationManager.java:84)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:396)
        at 
org.apache.hadoop.security.authorize.ServiceAuthorizationManager.checkPermission(ServiceAuthorizationManager.java:83)
        at 
org.apache.hadoop.security.authorize.ServiceAuthorizationManager.authorize(ServiceAuthorizationManager.java:68)
        at 
org.apache.hadoop.security.authorize.TestConfiguredPolicy.testConfiguredPolicy(TestConfiguredPolicy.java:79)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at junit.framework.TestCase.runTest(TestCase.java:168)
        at junit.framework.TestCase.runBare(TestCase.java:134)
        at junit.framework.TestResult$1.protect(TestResult.java:110)
        at junit.framework.TestResult.runProtected(TestResult.java:128)
        at junit.framework.TestResult.run(TestResult.java:113)
        at junit.framework.TestCase.run(TestCase.java:124)
        at junit.framework.TestSuite.runTest(TestSuite.java:232)
        at junit.framework.TestSuite.run(TestSuite.java:227)
        at 
org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:79)
        at junit.framework.JUnit4TestAdapter.run(JUnit4TestAdapter.java:39)
        at 
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:421)
        at 
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.launch(JUnitTestRunner.java:921)
        at 
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:778)
------------- ---------------- ---------------

Testcase: testConfiguredPolicy took 0.294 sec
Testcase: testPolicyWriteable took 0.127 sec
        Caused an ERROR
attempt to add a Permission to a readonly Permissions object
java.lang.SecurityException: attempt to add a Permission to a readonly 
Permissions object
        at java.security.Permissions.add(Permissions.java:110)
        at java.security.Policy$UnsupportedEmptyCollection.add(Policy.java:790)
        at 
org.apache.hadoop.security.authorize.TestConfiguredPolicy.assertWriteable(TestConfiguredPolicy.java:115)
        at 
org.apache.hadoop.security.authorize.TestConfiguredPolicy.testPolicyWriteable(TestConfiguredPolicy.java:127)

Testcase: testProtectionDomainPolicyWriteable took 0.092 sec
{code}

> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>
>                 Key: HADOOP-6452
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6452
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>             Fix For: 0.22.0
>
>         Attachments: hadoop-5740.patch, mapreduce-439-2.patch
>
>
> When you run Hadoop under a security manager that says "yes" to all security 
> checks, you get stack traces when Jetty tries to initialise the JSP engine. 
> Which implies you can't use Jasper under a security manager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-6452) Hadoop JSP pages don't work under a security manager

Reply via email to