Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2642

Java 2 security doPriv block required for reading system properties

    Details

      Description

      When a Java 2 security manager is enabled, an AccessControlException is thrown while creating a new JAX-RS Client instance:

       

      ("java.util.PropertyPermission" "org.jboss.resteasy.max_mediatype_cache_size" "read")
      {{Stack: }}
      java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "org.jboss.resteasy.max_mediatype_cache_size" "read")java.base/java.security.AccessController.throwACE(AccessController.java:176)
      java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:237)
      java.base/java.security.AccessController.checkPermission(AccessController.java:373)
      java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
      com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45)
      java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
      java.base/java.lang.System.getProperty(System.java:450)
      java.base/java.lang.System.getProperty(System.java:419)
      java.base/java.lang.Integer.getInteger(Integer.java:1331)
      java.base/java.lang.Integer.getInteger(Integer.java:1287)
      org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate.<clinit>(MediaTypeHeaderDelegate.java:24)
      org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.initializeCommon(ResteasyProviderFactoryImpl.java:224)
      org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.<init>(ResteasyProviderFactoryImpl.java:152)
      org.jboss.resteasy.plugins.providers.RegisterBuiltin$1.<init>(RegisterBuiltin.java:46)
      org.jboss.resteasy.plugins.providers.RegisterBuiltin.getClientInitializedResteasyProviderFactory(RegisterBuiltin.java:46)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.getProviderFactory(ResteasyClientBuilderImpl.java:355)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.build(ResteasyClientBuilderImpl.java:373)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.build(ResteasyClientBuilderImpl.java:43)
      javax.ws.rs.client.ClientBuilder.newClient(ClientBuilder.java:121)
      com.ibm.ws.jaxrs21.fat.uriInfo.ClientTestServlet.init(ClientTestServlet.java:41)

       

      It should be possible to avoid this by wrapping the System.getProperty(...) and Integer.getInteger(...) calls inside a doPriv block.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                asoldano Alessio Soldano
                Reporter:
                andymc12 Andy McCright
                Involved:
                Andy McCright
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: