You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Dave Roberts (JIRA)" <ji...@apache.org> on 2016/05/26 12:59:12 UTC
[jira] [Created] (SSHD-668) AccessControlException running under
OSGi container
Dave Roberts created SSHD-668:
---------------------------------
Summary: AccessControlException running under OSGi container
Key: SSHD-668
URL: https://issues.apache.org/jira/browse/SSHD-668
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 1.2.0
Reporter: Dave Roberts
Using a minimalistic version of the "SSHD in 5 minutes", I was able to run this up and connect using WinSCP no problem.
I then added my JAR as a bundle into an OSGi container. This deployed OK, but as soon as I tried to connect, the following exception was thrown:-
{noformat}
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.sun.enterprise.security.ee.J2EESecurityManager.checkAccess(J2EESecurityManager.java:98)
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
at java.lang.Thread.init(Thread.java:391)
at java.lang.Thread.init(Thread.java:349)
at java.lang.Thread.<init>(Thread.java:675)
at org.apache.sshd.common.util.threads.ThreadUtils$SshdThreadFactory.newThread(ThreadUtils.java:174)
at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:612)
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:925)
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1357)
at sun.nio.ch.AsynchronousChannelGroupImpl.executeOnPooledThread(AsynchronousChannelGroupImpl.java:188)
at sun.nio.ch.Invoker.invokeIndirectly(Invoker.java:212)
at sun.nio.ch.Invoker.invokeIndirectly(Invoker.java:313)
at sun.nio.ch.WindowsAsynchronousServerSocketChannelImpl$AcceptTask.completed(WindowsAsynchronousServerSocketChannelImpl.java:272)
at sun.nio.ch.Iocp$EventHandlerTask.run(Iocp.java:397)
at java.lang.Thread.run(Thread.java:745)
at sun.misc.InnocuousThread.run(InnocuousThread.java:74)
{noformat}
I'm no expert on the java security model, but I traced how the initial thread was created successfully, so modified the thread instantiation in {{SshdThreadFactory.newThread}} to run in priviledged mode:-
{code:java}
try {
t = AccessController.doPrivileged(new PrivilegedExceptionAction<Thread>() {
public Thread run() {
return new Thread(group, r, namePrefix + threadNumber.getAndIncrement(), 0);
}
});
} catch (PrivilegedActionException e1) {
//Exception from privileged code block, re-throwing...
throw (RuntimeException) e1.getException();
}
{code}
This resolved the issue and also worked correctly in standalone mode (invoking my SSHD implementation from a main method). Of course there may be side effects that I'm not aware of when doing the above when it's not required, in which case it can obviously be wrapped in a test that loads the Security Manager and checks whether the permission is required.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)