[jboss-remoting-issues] [JBoss JIRA] Commented: (JBREM-977) Wrap MBean proxies in security conscious wrappers

Ron Sigal (JIRA) jira-events at lists.jboss.org
Wed May 28 20:55:49 EDT 2008 

    [ http://jira.jboss.com/jira/browse/JBREM-977?page=comments#action_12414715 ] 
            
Ron Sigal commented on JBREM-977:
---------------------------------

The following classes have been introduced:

 * org.jboss.remoting.callback.CallbackErrorHandlerWrapper
 * org.jboss.remoting.callback.CallbackStoreWrapper
 * org.jboss.remoting.network.NetworkRegistryWrapper
 * org.jboss.remoting.ServerInvocationHandlerWrapper
 
and the following class has been modified appropriately:

 * org.jboss.remoting.security.ServerSocketFactoryWrapper
 
Anywhere in Remoting that a proxy is created for an MBean, the proxy is wrapped in one of these classes.  In the wrapper, all security sensitive calls are made inside a AccessController.doPrivileged() call (if a security manager is installed).

Unit tests:

 * org.jboss.test.remoting.security.CallbackErrorHandlerProxyTestCase
 * org.jboss.test.remoting.security.CallbackStoreProxyTestCase
 * org.jboss.test.remoting.security.NetworkRegistryProxyTestCase
 * org.jboss.test.remoting.security.ServerInvokerHandlerProxyTestCase
 * org.jboss.test.remoting.security.ServerSocketFactoryProxyTestCase

> Wrap MBean proxies in security conscious wrappers
> -------------------------------------------------
>
>                 Key: JBREM-977
>                 URL: http://jira.jboss.com/jira/browse/JBREM-977
>             Project: JBoss Remoting
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 2.4.0.CR2 (Pinto)
>            Reporter: Ron Sigal
>         Assigned To: Ron Sigal
>             Fix For: 2.4.0.GA (Pinto)
>
>
> There are places in Remoting where either an MBean proxy or a POJO could be used, depending on configuration.  For example, an org.jboss.remoting.transport.Connector can be configured with an actual POJO that implements the org.jboss.remoting.ServerInvocationHandler interface, or it could be given the ObjectName of a MBean that implements ServerInvocationHandler.  In the latter case, it will create an MBean proxy.
> Calls to an MBean proxy should be wrapped in an AccessController.doPrivileged() call.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-remoting-issues mailing list