This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 96586 - TopSecurityManager doesn't delegate permission checks
Summary: TopSecurityManager doesn't delegate permission checks
Status: RESOLVED WONTFIX
Alias: None
Product: platform
Classification: Unclassified
Component: -- Other --
Version: 5.x
Hardware: All All
Importance: P3 blocker
Assignee: Antonin Nebuzelsky
Reported: 2007-02-26 14:40 UTC by emi
Modified: 2015-10-14 13:13 UTC

Issue Type: ENHANCEMENT

Attachments
My simple changes. It also includes some unnecessary comments and debug info. (567 bytes, text/plain)
2007-02-26 14:43 UTC, emi

Description emi 2007-02-26 14:40:43 UTC
Hi,

I'm trying to make the Platform more Security-aware.

The first block is TopSecurityManager, which, of course, doesn't allow me to
set my own security manager. But it does allow (via a reflection hack) to
register another security manager as a "delegate".

Unfortunately, it only delegates checkExit() and not the whole Permission-based
check. So, my first patch is to also delegate the Permission check.

Thus, with this patch one could install his own SecurityManager.

Of course, this is only the first step. The next problem is with the
classloaders that set an AllPermission on all the modules (thus the new
security manager per se doesn't do much).
Comment 1 emi 2007-02-26 14:43:15 UTC
Created attachment 38910 [details]
My simple changes. It also includes some unnecessary comments and debug info.
Comment 2 Petr Nejedly 2007-02-27 14:12:22 UTC
Is this all necessary in TSM?
No changes in e.g. (currently empty) checkRead/checkWrite?
Comment 3 emi 2007-02-27 16:51:17 UTC
No.

If we go the "delegate" way, all the checkXX should delegate to the other
security managers (except checkSetSecurityManager).

But my patch should be enough for a first step that allows you to use custom
Permissions so that at some point you can reach JAAS level.

I'll try and submit a patch with delegate for all the checks.

To avoid the speed penalty I should probably subclass TopSecurityManager, invent
a new property (like use.netbeans.security) and only set the subclass as
SecurityManager if that property is set.

Any ideas?
Comment 4 Jaroslav Tulach 2007-03-04 22:01:50 UTC
Y01 Please investigate whether it is possible to fill the delegates using 
lookup. E.g. delegates = Lookup.getDefault().lookupAll(SecurityManager.class). 
Then your modules can just create appropriate 
META-INF/services/java.lang.SecurityManager file and do not need dependency on 
core/bootstrap. Potentially the checkExit could be delegated to the same 
classes as now, and we could delegate all checks to MetaInf services. That way 
the functionality would stay there, but the performance shall not be impacted 
at all for IDE (which has no such registrations).
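
The delegation discussed in comments 3 and 4, as an added example that is not the attached patch and not NetBeans' TopSecurityManager. Assumptions: the class name is hypothetical, `ServiceLoader` stands in for `Lookup.getDefault().lookupAll(SecurityManager.class)` so the code needs no NetBeans API, the `demo.*` permission names are constructed, and the JDK still supports `java.lang.SecurityManager` (Java 9 or later for `List.of`).

```java
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.ServiceLoader;

// Added illustration; all names are hypothetical, not NetBeans code.
public class DelegatingSecurityManager extends SecurityManager {
    private final List<SecurityManager> delegates = new ArrayList<>();
    // Re-entrancy guard: a delegate's own work may trigger further permission checks.
    private final ThreadLocal<Boolean> inCheck = ThreadLocal.withInitial(() -> false);

    public DelegatingSecurityManager(Iterable<SecurityManager> found) {
        // Resolve eagerly: lazy service discovery during a check would itself need file access.
        for (SecurityManager sm : found) delegates.add(sm);
    }
    // Picks up META-INF/services/java.lang.SecurityManager registrations.
    public static DelegatingSecurityManager fromServices() {
        return new DelegatingSecurityManager(ServiceLoader.load(SecurityManager.class));
    }

    @Override public void checkPermission(Permission perm) { delegate(perm, null); }
    @Override public void checkPermission(Permission perm, Object ctx) { delegate(perm, ctx); }

    private void delegate(Permission perm, Object ctx) {
        // Never delegated: no registered delegate can permit replacing this manager.
        if (perm instanceof RuntimePermission && "setSecurityManager".equals(perm.getName())) {
            throw new SecurityException("replacing the security manager is not allowed");
        }
        if (delegates.isEmpty() || inCheck.get()) return; // no registrations: no extra work
        inCheck.set(true);
        try {
            for (SecurityManager sm : delegates) { // the first veto (SecurityException) wins
                if (ctx == null) sm.checkPermission(perm); else sm.checkPermission(perm, ctx);
            }
        } finally {
            inCheck.set(false);
        }
    }

    public static void main(String[] args) {
        // Constructed delegate that vetoes one custom permission.
        SecurityManager veto = new SecurityManager() {
            @Override public void checkPermission(Permission p) {
                if ("demo.denied".equals(p.getName())) throw new SecurityException("denied: " + p.getName());
            }
        };
        DelegatingSecurityManager top = new DelegatingSecurityManager(List.of(veto));
        top.checkPermission(new RuntimePermission("demo.allowed")); // no delegate objects
        try { top.checkPermission(new RuntimePermission("demo.denied")); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

While a delegate is running, nested checks on the same thread are let through by the guard, so delegate code effectively runs trusted; as comment 0 notes, modules granted AllPermission by their classloaders also limit what any delegate can enforce.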
Comment 5 Antonin Nebuzelsky 2008-02-19 13:59:53 UTC
Reassigning to new module owner Tomas Holy.
Comment 6 Jaroslav Tulach 2008-02-21 08:59:44 UTC
I have a feeling that Radek experimented with this a bit.
Comment 7 rmatous 2008-02-27 15:07:52 UTC
My intention was just to have a hook for masterfs - no explicit delegation as required. I think Tomas Holy is the right
person.
Comment 8 Petr Hejl 2015-10-14 13:13:54 UTC
1) Seems to be in the wrong BZ component.
2) There does not seem to be any demand for this.