[jboss-jira] [JBoss JIRA] Resolved: (JBAOP-762) Permission Issue (with AOP) in Applet Environment

[Flavia Rainone (JIRA)]

     [ https://jira.jboss.org/browse/JBAOP-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flavia Rainone resolved JBAOP-762.
----------------------------------

    Resolution: Done


At every permission check, an AccessControlContext object is retrieved by sun jdk by using the following method:
    / * Returns the AccessControl context. i.e., it gets 
     * the protection domains of all the callers on the stack,
     * starting at the first class with a non-null 
     * ProtectionDomain. 
     *
     * @return the access control context based on the current stack or
     *         null if there was only privileged system code.
     */
    private static native AccessControlContext getStackAccessControlContext();

So, the AccessControlContext may be different from one permission check to another. At the moment that the exception is thrown we have two new important elements in the stack that causes the JVM to use a new ACC: invoker stuff (belonging to a different jar location than the elements in the stack of successful scenarios) and a class created at runtime by JBoss AOP's AdviceFactory. The new AccessControlContext contains thus two new ProtectionDomains: one for the jboss-remoting.jar that contains the right permissions, and another for the generated advice class. This class belongs to no source location and is thus associated to an empty ProtectionDomain, whose only non-null info it contains is the class loader (the Applet2ClassLoader). Since this protection domains contains an empty Permission array, it fails to give permission to the System property read operation.

The fix to this issue makes sure that the created advice class is loaded with a protection domain (the same protection domain used by the corresponding aspect class).

> Permission Issue (with AOP) in Applet Environment
> -------------------------------------------------
>
>                 Key: JBAOP-762
>                 URL: https://jira.jboss.org/browse/JBAOP-762
>             Project: JBoss AOP
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 1.5.6.GA
>            Reporter: Howard Gao
>            Assignee: Flavia Rainone
>             Fix For: 1.5.7.GA
>
>         Attachments: applet-aop.tar.gz, java_console.out
>
>
> Summary:
> JBM client packed in an Applet. The client gets "java.util.PropertyPermission legacyParsing read" AccessControlException when trying to create a JMS connection.
> Possible Reason:
> The AccessControlContext was changed after JBM going through some AOP stack.
> AOP version 1.5.6.GA
> To reproduce this issue, I did the following:
> 1. create a simple applet. The applet create a button "DoWork". 
> 2. Pressing "DoWork" will cause the applet to do a jndi lookup for a connection factory and call creationConnection() on the factory.
> In createConnection(), there is a method call on an AOP instrumented object:
> createConnection()
> {
>    ...
>    String wok = aopObj.doSomeWork("GoodWook");
>    ...
> }
> The aopObj is a simple class with one method:
> public class FakeInvokerLocatorWithAOP implements Serializable
> {
>     
>    private static final long serialVersionUID = 2223089961647029627L;
>    public String doSomeWork(String work)
>    {
>       return work + " done. : " + System.getProperty("legacyParsing");
>    }
> }
> This class has an advice defined in AOP xml :
>    <aspect class="org.jboss.jms.client.container.SimpleAspect" scope="PER_VM"/>
>    <bind pointcut="execution(* org.jboss.jms.client.delegate.FakeInvokerLocatorWithAOP->doSomeWork(..))">
>       <advice name="handleDoSomeWork" aspect="org.jboss.jms.client.container.SimpleAspect"/>
>    </bind>
> The Advice class SimpleAspect is very simple:
> public class SimpleAspect {
> 	public Object handleDoSomeWork(Invocation inv) throws Throwable
> 	{
>         String res = (String)inv.invokeNext();
>         
>         res = res + " with AOP";
>         
>         System.out.println("-----res: " + res);
> 	    
>         return res;
> 	}
> }
> So if the call of aopObj.doSomeWork("GoodWook") is successful, the returned value should be something like:
> "GoodWook done. " + <value of sys prop 'legacyParsing'> + " with AOP"
> But the real situation is that I got the following exception: 
> java.security.AccessControlException: access denied (java.util.PropertyPermission legacyParsing read)
> Debugging shows that once the execution goes inside SimpleAspect.handleDoSomeWork(), the system's AccessControlContext has changed, but the SecurityManager remained same as before. This changed context doesn't allow the above permission.
> I also checked the SimpleAspect's ProtectionDomain by 
> PermissionCollection pcol = this.getClass().getProtectionDomain().getPermissions();
> And this proctection domain's permissions implies the above permission, namely
> pcol.implies(new PropertyPermission("legacyParsing", "read")) returns true.
> Note: you may need to add the following permission to your java.policy in order to get protectionDomain at this point.
> permission java.lang.RuntimePermission "getProtectionDomain";

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira