[jbossts-issues] [JBoss JIRA] (JBTM-2076) Add security manager's permission checking in com.arjuna.webservices11.ServiceRegistry#getRegistry

Gytis Trikleris (JIRA) issues at jboss.org
Fri Jan 17 06:19:33 EST 2014 

     [ https://issues.jboss.org/browse/JBTM-2076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gytis Trikleris updated JBTM-2076:
----------------------------------

    Description: 
Permissions checking in public static methods is needed for Common Criteria certification.

Add something similar to this at the beginning of the method:
{code}
public static ServiceRegistry getRegistry()
{
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new RuntimePermission(ServiceRegistry.class.getName() + ".getRegistry"));
    }
    return REGISTRY ;
}
{code}

  was:
Permissions checking in public static methods is needed for Common Criteria certification.

Add something similar to this at the beginning of the method:
{code}
public static ServiceRegistry getRegistry()
{
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new RuntimePermission(SecurityFactory.class.getName() + ".getRegistry"));
    }
    return REGISTRY ;
}
{code}


    
> Add security manager's permission checking in com.arjuna.webservices11.ServiceRegistry#getRegistry
> --------------------------------------------------------------------------------------------------
>
>                 Key: JBTM-2076
>                 URL: https://issues.jboss.org/browse/JBTM-2076
>             Project: JBoss Transaction Manager
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: XTS
>            Reporter: Gytis Trikleris
>            Assignee: Gytis Trikleris
>            Priority: Critical
>             Fix For: 4.17.17, 5.0.0.CR3
>
>
> Permissions checking in public static methods is needed for Common Criteria certification.
> Add something similar to this at the beginning of the method:
> {code}
> public static ServiceRegistry getRegistry()
> {
>     SecurityManager sm = System.getSecurityManager();
>     if (sm != null) {
>         sm.checkPermission(new RuntimePermission(ServiceRegistry.class.getName() + ".getRegistry"));
>     }
>     return REGISTRY ;
> }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossts-issues mailing list