Keith Wall created QPID-6363:
--------------------------------

             Summary: Fail early if additional SASL providers cannot be registered with the Java Security API
                 Key: QPID-6363
                 URL: https://issues.apache.org/jira/browse/QPID-6363
             Project: Qpid
          Issue Type: Bug
          Components: Java Client
            Reporter: Keith Wall
            Assignee: Keith Wall
            Priority: Minor
             Fix For: 0.31


Registering SASL providers with the Java Security API requires specific 
SecurityManager permissions. This registration will fail if the JVM's 
security.policy denies it. This can happen in execution environments such as 
web containers.

Currently the SASL registration takes place as a side effect of protocol 
connection negotiation.  If it fails here, it is the IO threads that see the 
exception, rather than the caller's thread.

The SASL registration should be moved so that we fail fast, on a thread 
belonging to the application.

{noformat}
Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.AMQSASLProvider-Client)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
       at java.security.AccessController.checkPermission(AccessController.java:546)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
       at java.security.Provider.check(Provider.java:386)
       at java.security.Provider.put(Provider.java:309)
       at org.apache.qpid.client.security.JCAProvider.register(JCAProvider.java:68)
       at org.apache.qpid.client.security.JCAProvider.<init>(JCAProvider.java:55)
       at org.apache.qpid.client.security.DynamicSaslRegistrar.registerSaslProviders(DynamicSaslRegistrar.java:89)
       at org.apache.qpid.client.security.CallbackHandlerRegistry.<init>(CallbackHandlerRegistry.java:116)
       at org.apache.qpid.client.security.CallbackHandlerRegistry.<clinit>(CallbackHandlerRegistry.java:69)
{noformat}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
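
The fail-fast registration proposed in this issue could look like the sketch below; it is an added example, not Qpid's code or the eventual fix. `EagerSaslRegistration`, `ExampleSaslProvider`, the provider name and the mechanism mapping are hypothetical placeholders.

```java
import java.security.Provider;
import java.security.Security;

/** Hypothetical helper: registers a SASL provider on the caller's thread. */
public final class EagerSaslRegistration {

    static final String NAME = "Example-SASL-Client"; // placeholder provider name

    /** Constructed provider; the mechanism and factory class are placeholders. */
    static final class ExampleSaslProvider extends Provider {
        ExampleSaslProvider() {
            super(NAME, 1.0, "Example SASL client mechanisms");
            // Provider.put() is the call that was denied in the trace above:
            // it is checked against SecurityPermission "putProviderProperty.<name>".
            put("SaslClientFactory.EXAMPLE-MECH",
                "com.example.sasl.ExampleSaslClientFactory");
        }
    }

    private EagerSaslRegistration() { }

    /**
     * Call this from application-facing code (for example a connection
     * factory constructor) before any IO thread starts negotiating.
     * A policy denial then surfaces here, on the application's thread.
     */
    public static synchronized void ensureRegistered() {
        if (Security.getProvider(NAME) != null) {
            return; // already registered, nothing to do
        }
        try {
            // Both the constructor (put) and addProvider are permission-checked.
            Security.addProvider(new ExampleSaslProvider());
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException; its message
            // names the denied permission, so keep it in the error text.
            throw new IllegalStateException(
                "SASL provider '" + NAME + "' could not be registered; "
                + "check the JVM security policy: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        ensureRegistered();
        ensureRegistered(); // idempotent: second call is a no-op
        System.out.println(Security.getProvider(NAME).getProperty(
            "SaslClientFactory.EXAMPLE-MECH"));
    }
}
```

Under a restrictive policy the `IllegalStateException` carries the original `access denied (...)` text, which tells the deployer which `java.security.SecurityPermission` grant is missing.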