Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2642

Java 2 security doPriv block required for reading system properties

    XMLWordPrintable

    Details

      Description

      When a Java 2 security manager is enabled, an AccessControlException is thrown while creating a new JAX-RS Client instance:

       

      ("java.util.PropertyPermission" "org.jboss.resteasy.max_mediatype_cache_size" "read")
      {{Stack: }}
      java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "org.jboss.resteasy.max_mediatype_cache_size" "read")java.base/java.security.AccessController.throwACE(AccessController.java:176)
      java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:237)
      java.base/java.security.AccessController.checkPermission(AccessController.java:373)
      java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
      com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45)
      java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
      java.base/java.lang.System.getProperty(System.java:450)
      java.base/java.lang.System.getProperty(System.java:419)
      java.base/java.lang.Integer.getInteger(Integer.java:1331)
      java.base/java.lang.Integer.getInteger(Integer.java:1287)
      org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate.<clinit>(MediaTypeHeaderDelegate.java:24)
      org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.initializeCommon(ResteasyProviderFactoryImpl.java:224)
      org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.<init>(ResteasyProviderFactoryImpl.java:152)
      org.jboss.resteasy.plugins.providers.RegisterBuiltin$1.<init>(RegisterBuiltin.java:46)
      org.jboss.resteasy.plugins.providers.RegisterBuiltin.getClientInitializedResteasyProviderFactory(RegisterBuiltin.java:46)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.getProviderFactory(ResteasyClientBuilderImpl.java:355)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.build(ResteasyClientBuilderImpl.java:373)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.build(ResteasyClientBuilderImpl.java:43)
      javax.ws.rs.client.ClientBuilder.newClient(ClientBuilder.java:121)
      com.ibm.ws.jaxrs21.fat.uriInfo.ClientTestServlet.init(ClientTestServlet.java:41)

       

      It should be possible to avoid this by wrapping the System.getProperty(...) and Integer.getInteger(...) calls inside a doPriv block.

        Attachments

          Activity

            People

            Assignee:
            asoldano Alessio Soldano
            Reporter:
            andymc12 Andy McCright (Inactive)
            Involved:
            Andy McCright (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: