portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Le Strat <dlest...@yahoo.com>
Subject Re: Question about RdbmsPolicy with no principals
Date Thu, 19 Jan 2006 23:13:16 GMT
David,

See comments below.

--- David Jencks <david_jencks@yahoo.com> wrote:

> In RdbmsPolicy, if there are no principals,
> AllPermission is  
> granted.  IIUC this can only happen if security is
> misconfigured,  
> since before login everything should be done with
> the "guest"  
> subject.  Isn't this a security  hole, to allow full
> access if  
> security is not set up properly?
> 
> 
> Here is the relevant code with debug statements
> removed:
> 
>      public boolean implies(ProtectionDomain
> protectionDomain,  
> Permission permission)
>      {
>          Principal[] principals =
> protectionDomain.getPrincipals();
>          PermissionCollection perms = new
> Permissions();
>          boolean permImplied = false;
>          if ((null != principals) &&
> (principals.length > 0))
>          {
>              // We need to authorize java
> permissions.
>              // Without this check, we get a
> ClassCircularityError in  
> Tomcat.
>              if
> (permission.getClass().getName().startsWith("java"))
>              {
>                  perms.add(new AllPermission());
>              }
>              else
>              {
>                  perms =
> pms.getPermissions(Arrays.asList(principals));
>              }
>          }
>          else
>          {
>              // No principal is returned from the
> subject.
>              // For security check, be sure to use
> doAsPrivileged 
> (theSubject, anAction, null)...
>              // We grant access when no principal is
> associated to  
> the subject.
>              perms.add(new AllPermission());
>  >>> DOESN"T THIS MEAN SECURITY IS NOT PROPERLY
> CONFIGURED AND WE  
> SHOULD DENY ALL ACCESS?

Agree with you, this should be fixed.  I am a little
blurry on why I did this here.  I remember running
into infinite loop and startup issues with Tomcat
security enabled, I may have ended up doing this to
address this issue.  As we replace the JDK policy ,
not all policy checks will necessarily have a Subject,
with Tomcat for instance, especially at startup, if
you deny all, you will get start up issues.

I look forward to your ideas on the matter.

>          }
>          if (null != perms)
>          {
>              permImplied =
> perms.implies(permission);
>          }
>          return permImplied;
>      }
> 
> 
> Am I missing something?
> 
> thanks
> david jencks
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail:
> jetspeed-dev-help@portals.apache.org
> 
> 


________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message