[jboss-jira] [JBoss JIRA] Updated: (JBCACHE-157) Use privileged action in CacheInterceptor

Jason T. Greene (JIRA) jira-events at lists.jboss.org
Mon Apr 2 20:03:20 EDT 2007 

     [ http://jira.jboss.com/jira/browse/JBCACHE-157?page=all ]

Jason T. Greene updated JBCACHE-157:
------------------------------------

    Assignee: Jason T. Greene  (was: Ben Wang)

> Use privileged action in CacheInterceptor
> -----------------------------------------
>
>                 Key: JBCACHE-157
>                 URL: http://jira.jboss.com/jira/browse/JBCACHE-157
>             Project: JBoss Cache
>          Issue Type: Patch
>      Security Level: Public(Everyone can see) 
>          Components: PojoCache
>    Affects Versions: 1.2.2
>         Environment: Standalone JDK 1.5 application with custom security policy
>            Reporter: twundke
>         Assigned To: Jason T. Greene
>             Fix For: 2.1.0.GA
>
>         Attachments: CacheInterceptor.patch
>
>
> When using the AOP version of JBoss Cache in a security-managed environment, various classes require certain permissions (such as org.jboss.cache.aop.CachedType requiring java.lang.RuntimePermission "accessDeclaredMembers"). This also means that any class accessing a cached object must be granted these permissions.
> There are a number of problems with this. The first is that it breaks the transparency of using AOP-ed objects with the cache, as users of these objects must be granted additional permissions. The second problem is the nature of the permissions that must be granted. They are powerful permissions that allow runtime reflection, and in my particular case cannot be granted to the code using cached objects.
> The solution is to wrap the CacheInterceptor.invoke() method in a call to AccessController.doPrivileged() when a security manager is present. This allows the necessary permissions to be granted to the cache, without affecting the permissions of the calling code.
> The attached patch does just that. However, I don't know if this will have an effect on using the cache within a managed environment. I suspect not, but have no way of testing this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list