Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2884

Missing AccessController.doPrivileged() calls in DefaultConfiguration cause Java 2 Security errors.

    XMLWordPrintable

Details

    Description

      org.jboss.resteasy.spi.config.DefaultConfiguration.apply() in resteasy-core-spi callsĀ 

      System.getProperty(name) on line 169.
      This causes the following error when Java 2 Security is enabled:

      Caused by: java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "java.io.tmpdir" "read")
      	at java.base/java.security.AccessController.throwACE(AccessController.java:176)
      	at java.base/java.security.AccessController.checkPermissionHelper(AccessController.java:238)
      	at java.base/java.security.AccessController.checkPermission(AccessController.java:385)
      	at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
      	at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
      	at java.base/java.lang.System.getProperty(System.java:506)
      	at java.base/java.lang.System.getProperty(System.java:475)
      	at org.jboss.resteasy.spi.config.DefaultConfiguration$Resolver.apply(DefaultConfiguration.java:169)
      	at org.jboss.resteasy.spi.config.DefaultConfiguration$Resolver.apply(DefaultConfiguration.java:160)
      	at org.jboss.resteasy.spi.config.DefaultConfiguration.getOptionalValue(DefaultConfiguration.java:99)
      	at org.jboss.resteasy.client.jaxrs.engines.ManualClosingApacheHttpClient43Engine.<init>(ManualClosingApacheHttpClient43Engine.java:120)
      	at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine.<init>(ApacheHttpClient43Engine.java:29)
      	at org.jboss.resteasy.client.jaxrs.engines.ClientHttpEngineBuilder43.createEngine(ClientHttpEngineBuilder43.java:265)
      	at org.jboss.resteasy.client.jaxrs.engines.ClientHttpEngineBuilder43.build(ClientHttpEngineBuilder43.java:210)
      	... 39 more
      

      Attachments

        Activity

          People

            jperkins-rhn James Perkins
            atanders Adam Anderson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: