Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2707

Java 2 security doPriv block required for Socket Permission

    XMLWordPrintable

Details

    Description

      When a Java 2 security manager is enabled, an AccessControlException is thrown while creating a new Client instance:

      Stack:
      java.security.AccessControlException: access denied ("java.net.SocketPermission" "Jims-MBP" "resolve")java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
      java.security.AccessController.checkPermission(AccessController.java:886)
      java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
      com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45)
      java.lang.SecurityManager.checkConnect(SecurityManager.java:1048)
      java.net.InetAddress.getLocalHost(InetAddress.java:1478)
      sun.management.VMManagementImpl.getVmId(VMManagementImpl.java:140)
      sun.management.RuntimeImpl.getName(RuntimeImpl.java:59)
      org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.<clinit>(ManualClosingApacheHttpClient43Engine.java:61)
      org.jboss.resteasy.client.jaxrs.engines.ClientHttpEngineBuilder43.createEngine(ClientHttpEngineBuilder43.java:229)
      org.jboss.resteasy.client.jaxrs.engines.ClientHttpEngineBuilder43.build(ClientHttpEngineBuilder43.java:180)
      org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl.build(ResteasyClientBuilderImpl.java:393)
      io.openliberty.org.jboss.resteasy.common.client.LibertyResteasyClientBuilderImpl.build(LibertyResteasyClientBuilderImpl.java:42)
      io.openliberty.org.jboss.resteasy.common.client.LibertyResteasyClientBuilderImpl.build(LibertyResteasyClientBuilderImpl.java:28)
      jakarta.ws.rs.client.ClientBuilder.newClient(ClientBuilder.java:88)
      com.ibm.ws.jaxrs.fat.response.ClientTestServlet.runTest(ClientTestServlet.java:64)

       

      It should be possible to avoid this in ManualClosingApacheHttpClient43Engine.java by wrapping the static block for retrieving the processId inside a doPriv block similar to this:

      static
      {
         try {
           processId = AccessController.doPrivileged(new PrivilegedExceptionAction<String>() {
            @Override
             public String run() throws Exception

      {        return ManagementFactory.getRuntimeMXBean().getName().replaceAll("[^0-9a-zA-Z]", "");        }


           });
         } catch (PrivilegedActionException pae)

      {      throw new RuntimeException(pae);    }

      }

      Attachments

        Activity

          People

            rsearls r searls
            jim_krueger Jim Krueger
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: