On Fri, Aug 28, 2015 at 11:27 AM, Isuru Perera <isu...@wso2.com> wrote:

> Hi Supun,
>
> The checkSecurity method just checks for a permission. I'm not sure how
> your fix works. But it doesn't seem to be a proper solution. We might need
> to debug more and see.
>
> Can you check whether you have fixes for
> https://wso2.org/jira/browse/IDENTITY-3340?
>

No, I don't. The PR is not merged yet.
I had a chat with KasunB; it's for a different error, however.


>
> On Fri, Aug 28, 2015 at 9:55 AM, Aruna Karunarathna <ar...@wso2.com>
> wrote:
>
>>
>>
>> On Thu, Aug 27, 2015 at 6:44 PM, Supun Malinga <sup...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Found that the issue happens at the following,
>>>
>>>         at
>>> org.wso2.carbon.user.core.common.AbstractUserStoreManager.listUsers(AbstractUserStoreManager.java:2034)
>>>         at
>>> org.apache.jsp.carbon.usermgt.index_jsp._jspService(index_jsp.java:167)
>>>
>>> I did the following fix in CarbonContext (where the user realm is
>>> retrieved initially), and the issue disappeared. Is this a good enough
>>> solution? Or do we have to explicitly do permission checks in
>>> AbstractUserStoreManager? So far there is none in that. Let me know.
>>>
>>> +++
>>> b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/context/CarbonContext.java
>>> @@ -233,6 +233,8 @@ public class CarbonContext {
>>>       * @return the user realm instance.
>>>       */
>>>      public UserRealm getUserRealm() {
>>> +        CarbonUtils.checkSecurity();
>>>          return getCarbonContextDataHolder().getUserRealm();
>>>      }
>>>
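Review bot: The checkSecurity() call added at the top of getUserRealm() only gates the caller on a permission (as the reply at the top of this thread points out); it grants nothing to the code that follows, so the hunk does not show why the FilePermission on WSO2CARBON_DB.data.db stops being required. If the intent is for the realm lookup to run with Carbon's own permissions, wrap the getCarbonContextDataHolder().getUserRealm() call in a privileged block, as suggested earlier in the thread, and keep any permission check outside that block. The Javadoc above the method should also state that the caller is now subject to a security check.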
>>
>> Any idea why this is not needed for AS 5.2.1?
>>
>>>
>>> thanks,
>>>
>>>
>>> On Tue, Aug 25, 2015 at 12:17 PM, Supun Malinga <sup...@wso2.com> wrote:
>>>
>>>> thanks Isuru. Let me see what I can find.
>>>>
>>>> thanks
>>>>
>>>> On Tue, Aug 25, 2015 at 12:12 PM, Isuru Perera <isu...@wso2.com> wrote:
>>>>
>>>>> Hi Supun,
>>>>>
>>>>> I'm sorry I missed this mail. We need to identify which method is
>>>>> accessing the local database. We should never give explicit read
>>>>> permissions for the H2 database.
>>>>>
>>>>> We need to use Java Privileged Block API in Carbon Context APIs. If
>>>>> you cannot figure out the protection domain for the access failure, please
>>>>> check Java Security Debug logs. See Troubleshooting section in my Java
>>>>> Security Manager related blog post [1].
>>>>>
>>>>> With the Privileged Block API, we can let Carbon Context APIs use the same
>>>>> permissions we give to Carbon code.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> [1]
>>>>> http://isuru-perera.blogspot.com/2014/12/enabling-java-security-manager-for-wso2.html
>>>>>
>>>>>
>>>>> On Thu, Aug 13, 2015 at 3:37 PM, Supun Malinga <sup...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> For accessing usermgt via CarbonContext, I had to provide the following
>>>>>> permission for the webapp.
>>>>>>
>>>>>>     permission java.io.FilePermission
>>>>>> "/home/supun/smoke/java_sec/530_custom/wso2as-5.3.0-SNAPSHOT/repository/database/WSO2CARBON_DB.data.db",
>>>>>> "read";
>>>>>>
>>>>>> I tested with AS 5.2.1 and we don't need this in 5.2.1.
>>>>>>
>>>>>> Can anyone tell why this is needed and if it's an issue?
>>>>>>
>>>>>> thanks,
>>>>>> --
>>>>>> Supun Malinga,
>>>>>>
>>>>>> Senior Software Engineer,
>>>>>> WSO2 Inc.
>>>>>> http://wso2.com
>>>>>> email: sup...@wso2.com <sup...@wso2.com>
>>>>>> mobile: +94 (0)71 56 91 321
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Isuru Perera
>>>>> Associate Technical Lead | WSO2, Inc. | http://wso2.com/
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> about.me/chrishantha
>>>>> Contact: +IsuruPereraWSO2
>>>>> <https://www.google.com/+IsuruPereraWSO2/about>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>>
>> *Aruna Sujith Karunarathna *| Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka
>> Mobile: +94 71 9040362 | Work: +94 112145345
>> Email: ar...@wso2.com | Web: www.wso2.com
>>
>>
>
>
>
>



-- 
Supun Malinga,

Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: sup...@wso2.com <sup...@wso2.com>
mobile: +94 (0)71 56 91 321
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
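
The privileged-block behaviour discussed in this thread, as an added example that is not part of the original messages and is not WSO2 Carbon code. It assumes JDK 8 to 17, where the access-control APIs are still functional; the class and method names, the database path, and the in-code policy are constructed stand-ins.

```java
import java.io.FilePermission;
import java.security.*;

// Added illustration, not WSO2 Carbon code. Assumes JDK 8 to 17.
public class PrivilegedBlockDemo {
    // Constructed path standing in for the local H2 database file.
    static final Permission DB_READ =
        new FilePermission("/opt/carbon/repository/database/WSO2CARBON_DB.data.db", "read");

    // Hypothetical platform API without a privileged block: every protection
    // domain on the call stack, including the webapp's, must hold DB_READ.
    static String plainLookup() {
        AccessController.checkPermission(DB_READ);
        return "realm";
    }

    // Same lookup inside a privileged block: the permission check stops at this
    // frame, so only the platform code's own protection domain is consulted.
    static String privilegedLookup() {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            AccessController.checkPermission(DB_READ);
            return "realm";
        });
    }

    // Runs an action as if called from code that was granted no permissions.
    static String asWebapp(PrivilegedAction<String> action) {
        ProtectionDomain webapp = new ProtectionDomain(null, new Permissions());
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] {webapp});
        try {
            return "allowed: " + AccessController.doPrivileged(action, ctx);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Stand-in for a policy file granting AllPermission to platform code.
        // The webapp domain above has static permissions and ignores it.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.out.println("without privileged block -> " + asWebapp(PrivilegedBlockDemo::plainLookup));
        System.out.println("with privileged block    -> " + asWebapp(PrivilegedBlockDemo::privilegedLookup));
    }
}
```

Everything inside the privileged block runs with the platform code's permissions regardless of who called it, so the block should cover only the single operation that needs them.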