[infinispan-issues] [JBoss JIRA] (ISPN-9165) ManifestUberJarDuplicatedJarsWarner uses FJP without privileged block
David Lloyd (JIRA)
issues at jboss.org
Wed May 16 08:22:01 EDT 2018
[ https://issues.jboss.org/browse/ISPN-9165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd updated ISPN-9165:
------------------------------
Priority: Critical (was: Major)
> ManifestUberJarDuplicatedJarsWarner uses FJP without privileged block
> ---------------------------------------------------------------------
>
> Key: ISPN-9165
> URL: https://issues.jboss.org/browse/ISPN-9165
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 9.2.2.Final
> Reporter: David Lloyd
> Priority: Critical
>
> {{ManifestUberJarDuplicatedJarsWarner}} has a method called {{isClasspathCorrectAsync}} which dispatches a task to the fork-join pool. The task loads resources from the Infinispan JAR.
> This fails under a security manager. The common FJP executes tasks with no permissions. One of two things must be done:
> # Do not use the fork-join pool; find some other async solution which preserves the access control context.
> # Capture and propagate the current AccessControlContext when calling {{isClasspathCorrectAsync}}. This can be done by calling {{AccessController.getContext()}} before submitting the task, and then, within the submitted lambda, wrap the call to isClasspathCorrect with a call to {{AccessController.doPrivileged()}} which restores the captured context (by giving it as the second parameter). Note that this will entail a nested lambda or anonymous class.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
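Added example, not Infinispan's code and not part of the original report: a sketch of the second option above, capturing the caller's AccessControlContext before dispatching to the common fork-join pool and restoring it inside the task. The class name and the body of isClasspathCorrect are hypothetical stand-ins; AccessController is deprecated for removal since Java 17 (JEP 411) but is the API the report refers to.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.concurrent.CompletableFuture;

public class AccPropagationExample {

    // Hypothetical stand-in for the synchronous check: a resource lookup through
    // this class's loader, which needs read permission under a security manager.
    static boolean isClasspathCorrect() {
        try {
            ClassLoader cl = AccPropagationExample.class.getClassLoader();
            return Collections.list(cl.getResources("META-INF/MANIFEST.MF")).size() <= 1;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    static CompletableFuture<Boolean> isClasspathCorrectAsync() {
        // Capture on the submitting thread. Once the task is running on a
        // common-pool worker, the caller's context is no longer on the stack.
        final AccessControlContext callerContext = AccessController.getContext();

        // Outer lambda: the task handed to the common fork-join pool.
        return CompletableFuture.supplyAsync(() ->
            // Inner lambda: the privileged action. The cast is required because
            // doPrivileged is overloaded for PrivilegedAction and
            // PrivilegedExceptionAction and a bare lambda is ambiguous.
            AccessController.doPrivileged(
                (PrivilegedAction<Boolean>) () -> isClasspathCorrect(),
                callerContext));
        // Effective permissions inside the action are the intersection of this
        // class's protection domain and callerContext, so the pattern restores
        // the caller's rights without granting more than the caller had.
    }

    public static void main(String[] args) {
        System.out.println("classpath correct: " + isClasspathCorrectAsync().join());
    }
}
```

Because the check is bounded by the captured context, a caller that itself lacks read permission still gets an AccessControlException, surfaced here as the cause of the CompletionException thrown by join().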