[#SFOS-1164] Ant daemon tasks do not use the same security manager as the shell scripts

SmartFrog

Ant daemon tasks do not use the same security manager as the shell scripts

Created: 25/Mar/09 01:57 PM (GMT) Updated: 15/May/09 11:03 AM (BST)

Component/s:

tools_ sf_ant_tasks

Affects Version/s:

3.17.010

Fix Version/s:

3.17.010

Time Tracking:

Not Specified

Issue Links:

Metabug

This issue surfaces in:

~~SFOS-495~~ for dynamic classloading, we need a way to set the security policy in the ant tasks, and a default one if none is provided

Compatibility:

may break builds or test process

Description

« Hide

The ant tasks don't set up a security manager; the shell scripts do. This is why security manager problems haven't been showing up in the tests. we should fix this with a security manager attribute, and the tests set up to point to that and the security policy.

This will break things

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Steve Loughran added a comment - 01/Apr/09 12:36 PM (BST)

I've added a security manager option. When set to the SF or sun security managers, everything fails.

not found: "Warning: stack trace logging enabled" log was "org.smartfrog.sfcore.security.SFGeneralSecurityException: Java Security Access control exception - SmartFrog is running under a security manager, but the main JAR is not signed by a trusted CA, or the permissions files are mis-configured
java.security.AccessControlException: access denied (java.util.PropertyPermission java.rmi.server.RMIClassLoaderSpi write)
Security manager ExitTrappingRealSecurityManager, systemExitPermitted=false; class: class org.smartfrog.sfcore.security.ExitTrappingRealSecurityManager; exit trapping: true
Java System Properties:access to properties denied: java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
Environment variablss:access to environment variables denied: java.security.AccessControlException: access denied (java.lang.RuntimePermission getenv.*)
at org.smartfrog.sfcore.security.SFSecurity.initSecurity(SFSecurity.java:116)
at org.smartfrog.SFSystem.initSystem(SFSystem.java:640)
at org.smartfrog.SFSystem.execute(SFSystem.java:407)
at org.smartfrog.SFSystem.main(SFSystem.java:395)Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.rmi.server.RMIClassLoaderSpi write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:727)
at org.smartfrog.sfcore.security.SFSecurity.initSecurity(SFSecurity.java:113) ... 3 more Failed to initialize SmartFrog"

at org.smartfrog.tools.ant.test.TaskTestBase.assertInLog(TaskTestBase.java:123)

at org.smartfrog.tools.ant.test.system.RunTest.testStackTrace(RunTest.java:105)

[ Show » ]

Steve Loughran added a comment - 01/Apr/09 12:36 PM (BST) I've added a security manager option. When set to the SF or sun security managers, everything fails. not found: "Warning: stack trace logging enabled" log was "org.smartfrog.sfcore.security.SFGeneralSecurityException: Java Security Access control exception - SmartFrog is running under a security manager, but the main JAR is not signed by a trusted CA, or the permissions files are mis-configured java.security.AccessControlException: access denied (java.util.PropertyPermission java.rmi.server.RMIClassLoaderSpi write) Security manager ExitTrappingRealSecurityManager, systemExitPermitted=false; class: class org.smartfrog.sfcore.security.ExitTrappingRealSecurityManager; exit trapping: true Java System Properties:access to properties denied: java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write) Environment variablss:access to environment variables denied: java.security.AccessControlException: access denied (java.lang.RuntimePermission getenv.*) at org.smartfrog.sfcore.security.SFSecurity.initSecurity(SFSecurity.java:116) at org.smartfrog.SFSystem.initSystem(SFSystem.java:640) at org.smartfrog.SFSystem.execute(SFSystem.java:407) at org.smartfrog.SFSystem.main(SFSystem.java:395)Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.rmi.server.RMIClassLoaderSpi write) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.System.setProperty(System.java:727) at org.smartfrog.sfcore.security.SFSecurity.initSecurity(SFSecurity.java:113) ... 3 more Failed to initialize SmartFrog" at org.smartfrog.tools.ant.test.TaskTestBase.assertInLog(TaskTestBase.java:123) at org.smartfrog.tools.ant.test.system.RunTest.testStackTrace(RunTest.java:105)

[ Permlink | « Hide ]

Steve Loughran added a comment - 22/Apr/09 04:55 PM (BST)

I've got the policy support at a stage where if you don't specify a security policy file, one gets copied out from the tasks JAR for you (that is deleted afterwards) -this policy grants all rights. All the extras/ant tests work for all the policies (which needs explicit tests, before closing this bugrep).

The result is that we can run the Ant-started SF with a proper security manager. I am now running the tests overnight with security.manager=smartfrog to see what happens

[ Permlink | « Hide ]

Steve Loughran added a comment - 28/Apr/09 12:31 PM (BST)

Fixed, does not break anything unless you set the security.manager variable, and even then, everything except the hadoop tests work.