You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by "Dan Creswell (JIRA)" <ji...@apache.org> on 2007/08/04 16:11:53 UTC
[jira] Created: (RIVER-183) clarify meaning of "calls from the
local host"
clarify meaning of "calls from the local host"
----------------------------------------------
Key: RIVER-183
URL: https://issues.apache.org/jira/browse/RIVER-183
Project: River
Issue Type: Bug
Components: com_sun_jini_phoenix
Affects Versions: jtsk_2.1
Reporter: Dan Creswell
Priority: Minor
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
Certain deployment-oriented classes in the com.sun.jini. customer package:
AccessILFactory
InstantiatorAccessExporter
MonitorAccessExporter
SystemAccessExporter
SystemAccessILFactory
SystemAccessILFactory.SystemDispatcher
SystemAccessProxyTrustILFactory
describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905248#action_12905248 ]
Hudson commented on RIVER-183:
------------------------------
Integrated in River-trunk #315 (See [https://hudson.apache.org/hudson/job/River-trunk/315/])
RIVER-183: add unit test for LocalAccess
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12911020#action_12911020 ]
Hudson commented on RIVER-183:
------------------------------
Integrated in River-trunk #327 (See [https://hudson.apache.org/hudson/job/River-trunk/327/])
RIVER-183: allow all loopback addresses to be considered as local
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Work started: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on RIVER-183 started by Jonathan Costers.
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (RIVER-183) clarify meaning of "calls
from the local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12902689#action_12902689 ]
Jonathan Costers edited comment on RIVER-183 at 8/28/10 6:34 AM:
-----------------------------------------------------------------
This patch additionally allows any loopback address as origin of a call.
It also adds javadoc explaining how exactly this "calls from local host only" access control is currently implemented.
was (Author: jcosters):
This patch additionally allows any loopback address as origin of a call.
It also adds javadoc explaining how exactly "access to local host only" is currently implemented.
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12903813#action_12903813 ]
Jonathan Costers commented on RIVER-183:
----------------------------------------
Reading the original issue report, it seems the above access control does not work as intended in all circumstances (i.e. it would allow calls from origins other than the local host in some circumstances).
Question is how to deal with these cases in the access control implementation?
Any thoughts?
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Costers resolved RIVER-183.
------------------------------------
Fix Version/s: AR3
Resolution: Fixed
documented what "local access" means, added unit tests confirming this behaviour and fixed issue with some loopback addresses
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Fix For: AR3
>
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Costers reassigned RIVER-183:
--------------------------------------
Assignee: Jonathan Costers
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Assignee: Jonathan Costers
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RIVER-183) clarify meaning of "calls from the
local host"
Posted by "Jonathan Costers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RIVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Costers updated RIVER-183:
-----------------------------------
Attachment: RIVER-183.patch
This patch additionally allows any loopback address as origin of a call.
It also adds javadoc explaining how exactly "access to local host only" is currently implemented.
> clarify meaning of "calls from the local host"
> ----------------------------------------------
>
> Key: RIVER-183
> URL: https://issues.apache.org/jira/browse/RIVER-183
> Project: River
> Issue Type: Bug
> Components: com_sun_jini_phoenix
> Affects Versions: jtsk_2.1
> Reporter: Dan Creswell
> Priority: Minor
> Attachments: RIVER-183.patch
>
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
> Certain deployment-oriented classes in the com.sun.jini. customer package:
> AccessILFactory
> InstantiatorAccessExporter
> MonitorAccessExporter
> SystemAccessExporter
> SystemAccessILFactory
> SystemAccessILFactory.SystemDispatcher
> SystemAccessProxyTrustILFactory
> describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
> With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
> This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
> Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.