[infinispan-issues] [Red Hat JIRA] (ISPN-9165) ManifestUberJarDuplicatedJarsWarner uses FJP without privileged block
[
https://issues.redhat.com/browse/ISPN-9165?page=com.atlassian.jira.plugin...
]
Boris Unckel commented on ISPN-9165:
------------------------------------
[~dmlloyd] We had the same issue. Please find a possible solution attached. I don't
have a stacktrace (anymore) and no unit test. It solved the issue for our productive
system. The idea is similar to #2 in the description above. It seems with [ISPN-10274
Remove uberjar
warnings|https://github.com/infinispan/infinispan/commit/6d598c530ab73539...]
this is obsolete and the issue can be closed?
ManifestUberJarDuplicatedJarsWarner uses FJP without privileged
block
---------------------------------------------------------------------
Key: ISPN-9165
URL: https://issues.redhat.com/browse/ISPN-9165
Project: Infinispan
Issue Type: Bug
Components: Core
Affects Versions: 9.2.2.Final
Reporter: David Lloyd
Priority: Critical
Labels: security-manager
Attachments: ManifestUberJarDuplicatedJarsWarner.java
{{ManifestUberJarDuplicatedJarsWarner}} has a method called {{isClasspathCorrectAsync}}
which dispatches a task to the fork-join pool. The task loads resources from the
Infinispan JAR.
This fails under a security manager. The common FJP executes tasks with no permissions.
One of two things must be done:
# Do not use the fork-join pool; find some other async solution which preserves the
access control context.
# Capture and propagate the current AccessControlContext when calling
{{isClasspathCorrectAsync}}. This can be done by calling
{{AccessController.getContext()}} before submitting the task, and then, within the
submitted lambda, wrap the call to isClasspathCorrect with a call to
{{AccessController.doPrivileged()}} which restores the captured context (by giving it as
the second parameter). Note that this will entail a nested lambda or anonymous class.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)