[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

adrian@jboss.org do-not-reply at jboss.com
Mon Nov 10 08:04:37 EST 2008


"anil.saldhana at jboss.com" wrote : "alesj" wrote : "anil.saldhana at jboss.com" wrote : 
  |   |   | At this time, I just change the protocol to be "file" instead of the vfs protocol. 
  |   | Anil, I've refactored your code a bit.
  |   | 
  |   | Leaving the old behavior as default - via your CodeSourceGenerator,
  |   | but I'll provide proper hooks so that this can be overridden in the CL deployers that use VFSCLPolicy.
  |   | 
  |   | If Adrian agrees this is a proper fix. ;-)
  | 
  | I like your refactor. Are you going to provide the hooks by Monday? I want to enable the security manager tests in AS5 asap.  I also have changes that I need to check in to the AS5 code (privileged blocks) as part of that.

I don't like it refactored or otherwise because it is wrong.

There are two different issues:

1) Which codesource should it use?

i.e. should it use the top level file: url like JBoss4 or a vfs url as the codesource?
This is what your CodeSourceGenerator abstraction is trying to do, but it is a hack
and it also only applied to the vfs classloading spi?

If we are going to go to the effort of introducing a proper spi for this,
then we should look at how you override the real purpose of this policy,
i.e. determining the whole ProtectionDomain.

There should also be easier ways to set this policy, i.e. on the ClassLoaderDomain
or the ClassLoaderSystem itself.

The FileProtocolCodeSourceGenerator is wrongly implemented anyway.
e.g. vfsfile:/some/directory/my.jar/sub.jar would result in a file url that is invalid
file:/some/directory/my.jar/sub.jar

I also don't see the need for the permission to set the codesource generator.
If somebody can get access to the policy then they can make all sorts of other
changes anyway. Getting access to the classloader
implementation objects is already controlled by

  |          sm.checkCreateClassLoader();
  | 
checks.

2) What permissions should it have?

i.e. do you get the necessary FilePermission, checkConnection and NetPermissions?
If you change the code source to be a file: url for the parsing of java.policy
then you are going to lose the rights to use vfsxxx url
(and vice versa).

That's besides the problem mentioned above with the wrong file url getting used.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188107#4188107
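
The nested-archive case raised in the message above, shown as an added example that is not part of the original post and is not JBoss code: swapping only the scheme yields a file: URL that names nothing on disk, while walking up the path finds the top-level archive. The class and method names are hypothetical, and a Unix-like filesystem and Java 11 or later are assumed.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; names are hypothetical and no JBoss VFS API is used.
public class VfsCodeSourceDemo {

    // The rewrite criticized in the post: change the scheme, keep the path.
    static URI naiveFileUri(URI vfs) {
        return URI.create("file:" + vfs.getRawPath());
    }

    // Walk up from the VFS path to the first entry that exists as a regular
    // file on disk, i.e. the outermost archive that actually backs the code.
    static URI topLevelFileUri(URI vfs) {
        for (Path p = Path.of(vfs.getPath()); p != null; p = p.getParent()) {
            if (Files.isRegularFile(p)) {
                return p.toUri();
            }
        }
        throw new IllegalArgumentException("no file on disk backs " + vfs);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: my.jar is an ordinary file on disk and sub.jar
        // is only a name inside it, as in vfsfile:/some/directory/my.jar/sub.jar
        Path dir = Files.createTempDirectory("vfs-demo");
        Path outer = Files.createFile(dir.resolve("my.jar"));
        URI vfs = URI.create("vfsfile:" + outer.toUri().getRawPath() + "/sub.jar");

        URI naive = naiveFileUri(vfs);
        URI top = topLevelFileUri(vfs);

        System.out.println("vfs url        : " + vfs);
        System.out.println("naive file url : " + naive
                + "  exists=" + Files.exists(Path.of(naive)));
        System.out.println("top-level url  : " + top
                + "  exists=" + Files.exists(Path.of(top)));

        // Remove the constructed sample files.
        Files.delete(outer);
        Files.delete(dir);
    }
}
```

The naive URL reports `exists=false` because my.jar is a file, not a directory, so any java.policy grant or FilePermission derived from that location refers to a path the filesystem cannot resolve.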
