[
http://jira.jboss.com/jira/browse/JBREM-977?page=comments#action_12414715 ]
Ron Sigal commented on JBREM-977:
---------------------------------
The following classes have been introduced:
* org.jboss.remoting.callback.CallbackErrorHandlerWrapper
* org.jboss.remoting.callback.CallbackStoreWrapper
* org.jboss.remoting.network.NetworkRegistryWrapper
* org.jboss.remoting.ServerInvocationHandlerWrapper
and the following class has been modified appropriately:
* org.jboss.remoting.security.ServerSocketFactoryWrapper
Anywhere in Remoting that a proxy is created for an MBean, the proxy is wrapped in one of
these classes. In the wrapper, all security sensitive calls are made inside a
AccessController.doPrivileged() call (if a security manager is installed).
Unit tests:
* org.jboss.test.remoting.security.CallbackErrorHandlerProxyTestCase
* org.jboss.test.remoting.security.CallbackStoreProxyTestCase
* org.jboss.test.remoting.security.NetworkRegistryProxyTestCase
* org.jboss.test.remoting.security.ServerInvokerHandlerProxyTestCase
* org.jboss.test.remoting.security.ServerSocketFactoryProxyTestCase
Wrap MBean proxies in security conscious wrappers
-------------------------------------------------
Key: JBREM-977
URL:
http://jira.jboss.com/jira/browse/JBREM-977
Project: JBoss Remoting
Issue Type: Task
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2 (Pinto)
Reporter: Ron Sigal
Assigned To: Ron Sigal
Fix For: 2.4.0.GA (Pinto)
There are places in Remoting where either an MBean proxy or a POJO could be used,
depending on configuration. For example, an org.jboss.remoting.transport.Connector can be
configured with an actual POJO that implements the
org.jboss.remoting.ServerInvocationHandler interface, or it could be given the ObjectName
of a MBean that implements ServerInvocationHandler. In the latter case, it will create an
MBean proxy.
Calls to an MBean proxy should be wrapped in an AccessController.doPrivileged() call.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira