[jboss-jira] [JBoss JIRA] Commented: (JBMESSAGING-1446) ClientAOPStackLoader is missing a privileged block for TCL setting
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Fri Nov 7 16:59:36 EST 2008
[ https://jira.jboss.org/jira/browse/JBMESSAGING-1446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12437524#action_12437524 ]
Anil Saldhana commented on JBMESSAGING-1446:
--------------------------------------------
Actually, the entire method is doing get and set context class loaders. These should go in privileged blocks.
====================
public synchronized void load(ConnectionFactoryEndpoint delegate) throws Exception
{
if (loaded)
{
return;
}
ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
try
{
// This was done because of some weird behavior of AOP & classLoading
// http://jira.jboss.org/jira/browse/JBMESSAGING-980
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
byte[] clientAOPStack = delegate.getClientAOPStack();
new JmsClientAspectXMLLoader().deployXML(clientAOPStack);
loaded = true;
}
finally
{
Thread.currentThread().setContextClassLoader(savedLoader);
}
}
=====================================
> ClientAOPStackLoader is missing a privileged block for TCL setting
> ------------------------------------------------------------------
>
> Key: JBMESSAGING-1446
> URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1446
> Project: JBoss Messaging
> Issue Type: Sub-task
> Reporter: Anil Saldhana
> Assignee: Tim Fox
>
> ================================================================
> 2008-11-07 15:42:43,532 ERROR [org.jboss.jms.client.JBossConnectionFactory] (WorkerThread#2[127.0.0.1:52424]) Failed to download and/or install client side AOPstack
> java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.Thread.setContextClassLoader(Thread.java:1306)
> at org.jboss.jms.client.ClientAOPStackLoader.load(ClientAOPStackLoader.java:83)
> at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:192)
> at org.jboss.jms.client.JBossConnectionFactory.createQueueConnection(JBossConnectionFactory.java:101)
> at org.jboss.jms.client.JBossConnectionFactory.createQueueConnection(JBossConnectionFactory.java:95)
> at org.jboss.test.cts.jms.MsgSender.init(MsgSender.java:62)
> at org.jboss.test.cts.jms.MsgSender.sendMsg(MsgSender.java:94)
> at org.jboss.test.cts.ejb.CtsBmpBean.sendMsg(CtsBmpBean.java:664)
> at org.jboss.test.cts.ejb.CtsBmpBean.ejbCreate(CtsBmpBean.java:93)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> =====================================================================
> http://anonsvn.jboss.org/repos/messaging/branches/Branch_1_4/src/main/org/jboss/jms/client/ClientAOPStackLoader.java
> The following line:
> // This was done because of some weird behavior of AOP & classLoading
> // http://jira.jboss.org/jira/browse/JBMESSAGING-980
> Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
> This sensitive operation should go in a privileged block.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list