[jboss-jira] [JBoss JIRA] Commented: (SECURITY-340) JBossSecurityContext.setSecurityManagement needs to be executed within doPrivileged
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Thu Dec 11 09:34:37 EST 2008
[ https://jira.jboss.org/jira/browse/SECURITY-340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12442146#action_12442146 ]
Anil Saldhana commented on SECURITY-340:
----------------------------------------
ALR, the priv block should go in the Ejb3Auth interceptor.
> JBossSecurityContext.setSecurityManagement needs to be executed within doPrivileged
> -----------------------------------------------------------------------------------
>
> Key: SECURITY-340
> URL: https://jira.jboss.org/jira/browse/SECURITY-340
> Project: JBoss Security and Identity Management
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Reporter: Andrew Lee Rubinger
> Assignee: Anil Saldhana
>
> From AS TestSuite tests-security-manager org.jboss.test.securitymgr.test.EJB3SpecUnitTestCase:
> Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.plugins.
> JBossSecurityContext.setSecurityManagement)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at org.jboss.security.plugins.JBossSecurityContext.setSecurityManagement(JBossSecurityContext.java:123)
> at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:119)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list