[ https://issues.apache.org/jira/browse/QPID-6363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-6363:
-----------------------------
    Status: Reviewable  (was: In Progress)

> Fail early if additional SASL providers cannot be registered with the Java Security API
> ---------------------------------------------------------------------------------------
>
>                 Key: QPID-6363
>                 URL: https://issues.apache.org/jira/browse/QPID-6363
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Client
>    Affects Versions: 0.10, 0.20, 0.30
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: 0.31
>
>
> Registering SASL providers with the Java Security API requires specific 
> SecurityManager permissions. This registration will fail if the JVM's 
> security.policy denies it. This can happen in execution environments such 
> as web containers.
> Currently the SASL registration takes place as a side effect of protocol 
> connection negotiation. If it fails here, it is the IO threads that see the 
> exception, rather than the caller's thread.
> The SASL registration should be moved so that we fail fast, on a thread 
> belonging to the application.
> {noformat}
> Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.AMQSASLProvider-Client)
>        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>        at java.security.AccessController.checkPermission(AccessController.java:546)
>        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>        at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698)
>        at java.security.Provider.check(Provider.java:386)
>        at java.security.Provider.put(Provider.java:309)
>        at org.apache.qpid.client.security.JCAProvider.register(JCAProvider.java:68)
>        at org.apache.qpid.client.security.JCAProvider.<init>(JCAProvider.java:55)
>        at org.apache.qpid.client.security.DynamicSaslRegistrar.registerSaslProviders(DynamicSaslRegistrar.java:89)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<init>(CallbackHandlerRegistry.java:116)
>        at org.apache.qpid.client.security.CallbackHandlerRegistry.<clinit>(CallbackHandlerRegistry.java:69)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
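
The fail-fast registration the issue asks for, as an added example that is not Qpid's code or its actual fix: the provider is registered from the caller's thread and a policy denial is turned into an error that names the missing permissions. `EagerSaslRegistration`, `ExampleSaslProvider`, the provider name and the mechanism name are hypothetical; the `Provider` constructor used needs Java 9 or later.

```java
import java.security.Provider;
import java.security.Security;

public class EagerSaslRegistration {

    // Hypothetical stand-in for the client's SASL provider.
    static final class ExampleSaslProvider extends Provider {
        ExampleSaslProvider() {
            super("Example-SASL-Client", "1.0", "constructed example provider");
            // Under a SecurityManager, Provider.put is the call that requires
            // SecurityPermission "putProviderProperty.<provider name>",
            // the permission denied in the stack trace above.
            put("SaslClientFactory.EXAMPLE-MECH", "example.ExampleSaslClientFactory");
        }
    }

    // Call this from application code (for example when the connection
    // factory is constructed), not from a static initializer that first
    // runs during protocol negotiation on an IO thread.
    static Provider registerOrFail() {
        try {
            Provider provider = new ExampleSaslProvider();
            // Security.addProvider additionally checks "insertProvider";
            // it returns -1 if a provider of that name is already installed.
            Security.addProvider(provider);
            return Security.getProvider(provider.getName());
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException: report it to the
            // caller with the grant the deployer has to add.
            throw new IllegalStateException(
                "Cannot register SASL provider. The security policy must grant "
                + "java.security.SecurityPermission for "
                + "\"putProviderProperty.Example-SASL-Client\" and \"insertProvider\"", e);
        }
    }

    public static void main(String[] args) {
        // Runs on the application's own thread, so a denial surfaces here.
        Provider installed = registerOrFail();
        System.out.println("Registered " + installed.getName() + " with services "
            + installed.getServices());
    }
}
```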
