[JBoss JIRA] Commented: (SECURITY-340) JBossSecurityContext.setSecurityManagement needs to be executed within doPrivileged

Thursday, 11 December 2008

    [
https://jira.jboss.org/jira/browse/SECURITY-340?page=com.atlassian.jira.p...
] 

Anil Saldhana commented on SECURITY-340:
----------------------------------------

ALR, the priv block should go in the Ejb3Auth interceptor.

...
 JBossSecurityContext.setSecurityManagement needs to be executed
within doPrivileged
 -----------------------------------------------------------------------------------

                 Key: SECURITY-340
                 URL: https://jira.jboss.org/jira/browse/SECURITY-340
             Project: JBoss Security and Identity Management
          Issue Type: Task
      Security Level: Public(Everyone can see) 
            Reporter: Andrew Lee Rubinger
            Assignee: Anil Saldhana

 From AS TestSuite  tests-security-manager
org.jboss.test.securitymgr.test.EJB3SpecUnitTestCase:
 Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission org.jboss.security.plugins.
 JBossSecurityContext.setSecurityManagement)
         at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
         at java.security.AccessController.checkPermission(AccessController.java:427)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at
org.jboss.security.plugins.JBossSecurityContext.setSecurityManagement(JBossSecurityContext.java:123)
         at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:119)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006