You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@aries.apache.org by Valentin Mahrwald <vm...@googlemail.com> on 2011/01/04 17:09:12 UTC

Java 2 security around field injection

Hi,

in some external testing with the Apache Aries stack under Java 2 security I have found that the field injection that was introduced a while back does not work all that great.

Currently, Blueprint uses the joint permissions of the Blueprint bundle and the Blueprint extender bundle to perform any kind of privileged actions like property injection, service retrieval and field injection.

However, this permission scheme does not work that well with field injection because usually a Blueprint bundle would not need to (and probably should not) have ReflectPermission. Especially, if all that the field injection is used for is something relatively common like injecting a PersistenceContext ...

So what I would like to implement is a scheme where we the restrictions are a bit more relaxed:
- field injection for fields in classes that reside in the Blueprint bundle itself is done with the permissions of the Blueprint extender
- all other field injections uses joint permissions as before

That kind of scheme should allow a good majority of the use cases of field injection while hopefully not compromising security.

What do people think? Are there better alternatives?

Regards,

Valentin


---
Stack trace:

java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
at org.apache.aries.blueprint.utils.ReflectionUtils$FieldPropertyDescriptor.internalSet(ReflectionUtils.java:379)
at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor$2.run(ReflectionUtils.java:307)
at java.security.AccessController.doPrivileged(AccessController.java:288)
at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:305)
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:810)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:778)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:759)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:725)
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
at org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:60)
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)
at org.apache.aries.blueprint.container.BlueprintRepository.createInstance(BlueprintRepository.java:198)
at org.apache.aries.blueprint.container.BlueprintRepository.create(BlueprintRepository.java:137)
at org.apache.aries.blueprint.container.ServiceRecipe.createRecipe(ServiceRecipe.java:368)
at org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:276)
at org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:246)
at org.apache.aries.blueprint.container.ServiceRecipe.getService(ServiceRecipe.java:325)
at org.apache.aries.blueprint.container.ServiceRecipe$TriggerServiceFactory.getService(ServiceRecipe.java:430)

RE: Java 2 security around field injection

Posted by Timothy Ward <ti...@apache.org>.

+1 from me as well.

It obviously stinks to require any blueprint bundle to have ReflectPermission to use the field injection schema (particularly for annotation based injection), but it would be unpleasant to allow any bundle to reflectively change classes from other bundles or the VM. I think this is a sensible middle ground.

Tim

----------------------------------------
> Subject: Re: Java 2 security around field injection
> From: not@apache.org
> Date: Tue, 4 Jan 2011 16:34:33 +0000
> To: dev@aries.apache.org
>
> Sounds reasonable to me.
>
> Alasdair Nottingham
>
> On 4 Jan 2011, at 16:09, Valentin Mahrwald  wrote:
>
> > Hi,
> >
> > in some external testing with the Apache Aries stack under Java 2 security I have found that the field injection that was introduced a while back does not work all that great.
> >
> > Currently, Blueprint uses the joint permissions of the Blueprint bundle and the Blueprint extender bundle to perform any kind of privileged actions like property injection, service retrieval and field injection.
> >
> > However, this permission scheme does not work that well with field injection because usually a Blueprint bundle would not need to (and probably should not) have ReflectPermission. Especially, if all that the field injection is used for is something relatively common like injecting a PersistenceContext ...
> >
> > So what I would like to implement is a scheme where we the restrictions are a bit more relaxed:
> > - field injection for fields in classes that reside in the Blueprint bundle itself is done with the permissions of the Blueprint extender
> > - all other field injections uses joint permissions as before
> >
> > That kind of scheme should allow a good majority of the use cases of field injection while hopefully not compromising security.
> >
> > What do people think? Are there better alternatives?
> >
> > Regards,
> >
> > Valentin
> >
> >
> > ---
> > Stack trace:
> >
> > java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> > at java.security.AccessController.checkPermission(AccessController.java:108)
> > at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> > at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> > at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
> > at org.apache.aries.blueprint.utils.ReflectionUtils$FieldPropertyDescriptor.internalSet(ReflectionUtils.java:379)
> > at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor$2.run(ReflectionUtils.java:307)
> > at java.security.AccessController.doPrivileged(AccessController.java:288)
> > at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:305)
> > at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:810)
> > at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:778)
> > at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:759)
> > at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:725)
> > at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
> > at org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:60)
> > at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
> > at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)
> > at org.apache.aries.blueprint.container.BlueprintRepository.createInstance(BlueprintRepository.java:198)
> > at org.apache.aries.blueprint.container.BlueprintRepository.create(BlueprintRepository.java:137)
> > at org.apache.aries.blueprint.container.ServiceRecipe.createRecipe(ServiceRecipe.java:368)
> > at org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:276)
> > at org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:246)
> > at org.apache.aries.blueprint.container.ServiceRecipe.getService(ServiceRecipe.java:325)
> > at org.apache.aries.blueprint.container.ServiceRecipe$TriggerServiceFactory.getService(ServiceRecipe.java:430)

Re: Java 2 security around field injection

Posted by Alasdair Nottingham <no...@apache.org>.

Sounds reasonable to me.

Alasdair Nottingham

On 4 Jan 2011, at 16:09, Valentin Mahrwald <vm...@googlemail.com> wrote:

> Hi,
> 
> in some external testing with the Apache Aries stack under Java 2 security I have found that the field injection that was introduced a while back does not work all that great.
> 
> Currently, Blueprint uses the joint permissions of the Blueprint bundle and the Blueprint extender bundle to perform any kind of privileged actions like property injection, service retrieval and field injection.
> 
> However, this permission scheme does not work that well with field injection because usually a Blueprint bundle would not need to (and probably should not) have ReflectPermission. Especially, if all that the field injection is used for is something relatively common like injecting a PersistenceContext ...
> 
> So what I would like to implement is a scheme where we the restrictions are a bit more relaxed:
> - field injection for fields in classes that reside in the Blueprint bundle itself is done with the permissions of the Blueprint extender
> - all other field injections uses joint permissions as before
> 
> That kind of scheme should allow a good majority of the use cases of field injection while hopefully not compromising security.
> 
> What do people think? Are there better alternatives?
> 
> Regards,
> 
> Valentin
> 
> 
> ---
> Stack trace:
> 
> java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
> at org.apache.aries.blueprint.utils.ReflectionUtils$FieldPropertyDescriptor.internalSet(ReflectionUtils.java:379)
> at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor$2.run(ReflectionUtils.java:307)
> at java.security.AccessController.doPrivileged(AccessController.java:288)
> at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:305)
> at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:810)
> at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:778)
> at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:759)
> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:725)
> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
> at org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:60)
> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)
> at org.apache.aries.blueprint.container.BlueprintRepository.createInstance(BlueprintRepository.java:198)
> at org.apache.aries.blueprint.container.BlueprintRepository.create(BlueprintRepository.java:137)
> at org.apache.aries.blueprint.container.ServiceRecipe.createRecipe(ServiceRecipe.java:368)
> at org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:276)
> at org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:246)
> at org.apache.aries.blueprint.container.ServiceRecipe.getService(ServiceRecipe.java:325)
> at org.apache.aries.blueprint.container.ServiceRecipe$TriggerServiceFactory.getService(ServiceRecipe.java:430)