[jira] Created: (TUSCANY-2108) Java 2 Security - ReallySmallRuntime AccessController blocks

Wed, 19 Mar 2008 06:48:29 -0700 

Java 2 Security - ReallySmallRuntime AccessController blocks
------------------------------------------------------------

                 Key: TUSCANY-2108
                 URL: https://issues.apache.org/jira/browse/TUSCANY-2108
             Project: Tuscany
          Issue Type: Bug
          Components: Java SCA Core Runtime
    Affects Versions: Java-SCA-1.1
         Environment: Run with JDK 1.5, Windows XP system
            Reporter: Dan Becker
             Fix For: Java-SCA-1.2


Add Java 2 Security to SCA core accessed via ReallySmallRuntime. This can be 
seen by running the sample-calculator program with -Djava.security.manager  for 
the Java application runtime.

This JIRA is a preliminary prereq for JIRA TUSCANY-2030. That JIRA covers the 
code entry points via
org.apache.tuscany.sca.host.embedded.impl.EmbeddedSCADomain.getService(EmbeddedSCADomain.java:138)
 and 
com.ibm.ws.soa.sca.runtime.impl.SimpleCompositeContextImpl.locateService(SimpleCompositeContextImpl.java:86)
 

This JIRA covers all "internal" entry points that are accessed via 
Exception in thread "main" org.osoa.sca.ServiceRuntimeException: 
java.lang.NullPointerException
        at 
org.apache.tuscany.sca.host.embedded.SCADomain.createNewInstance(SCADomain.java:264)
        at 
org.apache.tuscany.sca.host.embedded.SCADomain.newInstance(SCADomain.java:69)
        at calculator.CalculatorClient.main(CalculatorClient.java:31)
Caused by: java.lang.NullPointerException
        at 
org.apache.tuscany.sca.host.embedded.impl.ReallySmallRuntime.start(ReallySmallRuntime.java:116)
        at 
org.apache.tuscany.sca.host.embedded.impl.DefaultSCADomain.init(DefaultSCADomain.java:118)
        at 
org.apache.tuscany.sca.host.embedded.impl.DefaultSCADomain.<init>(DefaultSCADomain.java:109)
        at 
org.apache.tuscany.sca.host.embedded.SCADomain.createNewInstance(SCADomain.java:231)

There needs to be AccessController.doPrivileged blocks around all sensitive 
code that  creates a ClassLoader, accesses the file system via stream or URL, 
reads system properties and all other sensitive areas not covered by the 
security.policy file.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to