Hi Phil Thanks, did not know that, will repost with proper subject. On Tue, Dec 29, 2009 at 1:03 AM, Phil Steitz <phil.ste...@gmail.com> wrote:
> Since this list is shared by all commons components, we follow the > convention of prefixing the subject line of each post with the > component that the post refers to. You will get answers to > questions faster that way. Thanks! > > Phil > > Bartosz Baranowski wrote: > > Hi All > > Im banging against security issue with commons. Ive looked through src > which > > seems to have contadicting jdoc entry for LogFactory.getClassLoader(). > > Is there any estimation on adding proper access control to commons? In > light > > of jdoc comment it seems there is none? > > > > Thing is that commons will not initialize even when jar(commons) has > > "AllPermissions" - since if at some point in call stack code passes > > unpriviledged domain, permissions will be restricted to that domains set. > > It restricts initialization to be done in special blocks, a bit akward I > > must say. > > > > Failure could look as follows: > > java.lang.ExceptionInInitializerError > > at > > > org.jboss.cache.commands.CommandsFactoryImpl.buildRemoveNodeCommand(CommandsFactoryImpl.java:271) > > at > > > org.jboss.cache.invocation.CacheInvocationDelegate.removeNode(CacheInvocationDelegate.java:477) > > at > > > org.jboss.cache.invocation.NodeInvocationDelegate.removeChild(NodeInvocationDelegate.java:355) > > at > > > org.mobicents.slee.runtime.facilities.ActivityContextNamingFacilityCacheData.unbindName(ActivityContextNamingFacilityCacheData.java:75) > > at > > > org.mobicents.slee.runtime.facilities.ActivityContextNamingFacilityImpl.unbind(ActivityContextNamingFacilityImpl.java:122) > > at > > org.mobicents.tests.SecTestSbb.testNamingFacility(SecTestSbb.java:182) > > at > > org.mobicents.tests.SecTestSbb.onServiceStartedEvent(SecTestSbb.java:106) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown > Source) > > at java.lang.reflect.Method.invoke(Unknown Source) > > at > > org.mobicents.slee.runtime.sbbentity.SbbEntity$1.run(SbbEntity.java:664) > > at java.security.AccessController.doPrivileged(Native Method) > > at > > > org.mobicents.slee.runtime.sbbentity.SbbEntity.invokeEventHandler(SbbEntity.java:662) > > at > > > org.mobicents.slee.runtime.eventrouter.routingtask.EventRoutingTask.routeQueuedEvent(EventRoutingTask.java:351) > > at > > > org.mobicents.slee.runtime.eventrouter.routingtask.EventRoutingTask.access$000(EventRoutingTask.java:33) > > at > > > org.mobicents.slee.runtime.eventrouter.routingtask.EventRoutingTask$1.run(EventRoutingTask.java:106) > > at java.security.AccessController.doPrivileged(Native Method) > > at > > > org.mobicents.slee.runtime.eventrouter.routingtask.EventRoutingTask.run(EventRoutingTask.java:103) > > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown > > Source) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown > > Source) > > at java.lang.Thread.run(Unknown Source) > > Caused by: org.apache.commons.logging.LogConfigurationException: > > java.security.AccessControlException: access denied > > (java.lang.RuntimePermission getClassLoader) (Caused by > > java.security.AccessControl > > Exception: access denied (java.lang.RuntimePermission getClassLoader)) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:637) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310) > > at > org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685) > > at > > > org.jboss.cache.commands.write.RemoveNodeCommand.<clinit>(RemoveNodeCommand.java:45) > > ... 22 more > > Caused by: java.security.AccessControlException: access denied > > (java.lang.RuntimePermission getClassLoader) > > at java.security.AccessControlContext.checkPermission(Unknown > > Source) > > at java.security.AccessController.checkPermission(Unknown Source) > > at java.lang.SecurityManager.checkPermission(Unknown Source) > > at java.lang.ClassLoader.getParent(Unknown Source) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.getLowestClassLoader(LogFactoryImpl.java:1327) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.getBaseClassLoader(LogFactoryImpl.java:1247) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.createLogFromClass(LogFactoryImpl.java:1048) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:858) > > at > > > org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604) > > ... 26 more > > > > Where all classes except "org.mobicents.tests.SecTestSbb" have > > "AllPermissions" > > > > Fix seems easy and if it is desired I can gladly contribute. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- Bartosz Baranowski JBoss R & D ================================== Word of criticism meant to improve is always step forward.
