[jbossts-issues] [JBoss JIRA] (JBTM-2076) Add security manager's permission checking in com.arjuna.webservices11.ServiceRegistry#getRegistry

Gytis Trikleris (JIRA) issues at jboss.org
Fri Jan 17 06:17:32 EST 2014


Gytis Trikleris created JBTM-2076:
-------------------------------------

             Summary: Add security manager's permission checking in com.arjuna.webservices11.ServiceRegistry#getRegistry
                 Key: JBTM-2076
                 URL: https://issues.jboss.org/browse/JBTM-2076
             Project: JBoss Transaction Manager
          Issue Type: Task
      Security Level: Public (Everyone can see)
          Components: XTS
            Reporter: Gytis Trikleris
            Assignee: Gytis Trikleris
            Priority: Critical
             Fix For: 4.17.17, 5.0.0.CR3


Permissions checking in public static methods is needed for Common Criteria certification.

Add something similar to this at the beginning of the method:
{code}
public static ServiceRegistry getRegistry()
{
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new RuntimePermission(SecurityFactory.class.getName() + ".getRegistry"));
    }
    return REGISTRY ;
}
{code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the jbossts-issues mailing list