Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-9165

ManifestUberJarDuplicatedJarsWarner uses FJP without privileged block

    XMLWordPrintable

Details

    • Bug
    • Status: New (View Workflow)
    • Critical
    • Resolution: Unresolved
    • 9.2.2.Final
    • None
    • Core
    • Low

    Description

      ManifestUberJarDuplicatedJarsWarner has a method called isClasspathCorrectAsync which dispatches a task to the fork-join pool. The task loads resources from the Infinispan JAR.

      This fails under a security manager. The common FJP executes tasks with no permissions. One of two things must be done:

      1. Do not use the fork-join pool; find some other async solution which preserves the access control context.
      2. Capture and propagate the current AccessControlContext when calling isClasspathCorrectAsync. This can be done by calling AccessController.getContext() before submitting the task, and then, within the submitted lambda, wrap the call to isClasspathCorrect with a call to AccessController.doPrivileged() which restores the captured context (by giving it as the second parameter). Note that this will entail a nested lambda or anonymous class.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              dlloyd@redhat.com David Lloyd
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: