[jboss-user] [JBoss Microcontainer Development] New message: "Security problems with org.jboss.test:jboss-test 1.1.5.GA"
Flavia Rainone
do-not-reply at jboss.com
Fri Mar 5 08:42:37 EST 2010
User development,
A new message was posted in the thread "Security problems with org.jboss.test:jboss-test 1.1.5.GA":
http://community.jboss.org/message/530163#530163
Author : Flavia Rainone
Profile : http://community.jboss.org/people/flavia.rainone@jboss.com
Message:
--------------------------------------------------------------
I'm not sure if this belongs to this forum, but I couldn't find a more appropriate forum for this either.
In JBoss AOP, we are currently using jboss:jboss-test: 1.0.3.GA. We can't upgrate because whenever we try to upgrade we start seeing several Security Errors at all points of our testsuite that try to access the System Properties.
An example of this:
java.lang.reflect.InvocationTargetException
at org.jboss.test.AbstractTestDelegate.getDelegate(AbstractTestDelegate.java:73)
at org.jboss.test.AbstractTestSetup.setUp(AbstractTestSetup.java:62)
at org.jboss.test.AbstractTestCaseWithSetup.setUp(AbstractTestCaseWithSetup.java:103)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
at java.lang.System.getProperties(System.java:580)
at org.jboss.test.aop.AOPTestDelegate$1.run(AOPTestDelegate.java:51)
at org.jboss.test.aop.AOPTestDelegate$1.run(AOPTestDelegate.java:48)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.test.aop.AOPTestDelegate.<init>(AOPTestDelegate.java:47)
at org.jboss.test.aop.AOPTestWithSetup.getDelegate(AOPTestWithSetup.java:53)
This is AOPTestDelegate constructor implementation:
public AOPTestDelegate(Class<?> clazz)
{
super(clazz);
systemProps = AccessController.doPrivileged(new PrivilegedAction<Properties>()
{
public Properties run()
{
line 47>>> return (Properties)System.getProperties().clone();
}
});
}
Another example:
access denied (java.util.PropertyPermission org.jboss.test.logging.LogginPlugin read)
java.security.AccessControlException: access denied (java.util.PropertyPermission org.jboss.test.logging.LogginPlugin read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:686)
at org.jboss.test.logging.LoggingPlugin.getInstance(LoggingPlugin.java:47)
at org.jboss.test.AbstractTestDelegate.setUpLogging(AbstractTestDelegate.java:158)
at org.jboss.test.AbstractTestDelegate.setUp(AbstractTestDelegate.java:125)
at org.jboss.test.AbstractTestSetup.setUp(AbstractTestSetup.java:63)
at org.jboss.test.AbstractTestCaseWithSetup.setUp(AbstractTestCaseWithSetup.java:103)
at org.jboss.test.aop.annotatedAdviceParams.Arg2TestCase.setUp(Arg2TestCase.java:62)
This last example is even more serious, because it happens on AbstractTestCaseWithSetup.setUp execution.
I couldn't find any refrences for how to solve this apart from a hack Adrian mentioned in another http://community.jboss.org/thread/88629?tstart=-2.
Does anybody know why these tests have no permission to access the System Properties? How do we work around this issue?
--------------------------------------------------------------
To reply to this message visit the message page: http://community.jboss.org/message/530163#530163
More information about the jboss-user
mailing list