+1 from me as well. It obviously stinks to require any blueprint bundle to have ReflectPermission to use the field injection schema (particularly for annotation based injection), but it would be unpleasant to allow any bundle to reflectively change classes from other bundles or the VM. I think this is a sensible middle ground.
Tim ---------------------------------------- > Subject: Re: Java 2 security around field injection > From: [email protected] > Date: Tue, 4 Jan 2011 16:34:33 +0000 > To: [email protected] > > Sounds reasonable to me. > > Alasdair Nottingham > > On 4 Jan 2011, at 16:09, Valentin Mahrwald wrote: > > > Hi, > > > > in some external testing with the Apache Aries stack under Java 2 security > > I have found that the field injection that was introduced a while back does > > not work all that great. > > > > Currently, Blueprint uses the joint permissions of the Blueprint bundle and > > the Blueprint extender bundle to perform any kind of privileged actions > > like property injection, service retrieval and field injection. > > > > However, this permission scheme does not work that well with field > > injection because usually a Blueprint bundle would not need to (and > > probably should not) have ReflectPermission. Especially, if all that the > > field injection is used for is something relatively common like injecting a > > PersistenceContext ... > > > > So what I would like to implement is a scheme where we the restrictions are > > a bit more relaxed: > > - field injection for fields in classes that reside in the Blueprint bundle > > itself is done with the permissions of the Blueprint extender > > - all other field injections uses joint permissions as before > > > > That kind of scheme should allow a good majority of the use cases of field > > injection while hopefully not compromising security. > > > > What do people think? Are there better alternatives? > > > > Regards, > > > > Valentin > > > > > > --- > > Stack trace: > > > > java.security.AccessControlException: Access denied > > (java.lang.reflect.ReflectPermission suppressAccessChecks) > > at java.security.AccessController.checkPermission(AccessController.java:108) > > at java.lang.SecurityManager.checkPermission(SecurityManager.java:533) > > at > > com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212) > > at > > java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107) > > at > > org.apache.aries.blueprint.utils.ReflectionUtils$FieldPropertyDescriptor.internalSet(ReflectionUtils.java:379) > > at > > org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor$2.run(ReflectionUtils.java:307) > > at java.security.AccessController.doPrivileged(AccessController.java:288) > > at > > org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:305) > > at > > org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:810) > > at > > org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:778) > > at > > org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:759) > > at > > org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:725) > > at > > org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64) > > at org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:60) > > at > > org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64) > > at > > org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219) > > at > > org.apache.aries.blueprint.container.BlueprintRepository.createInstance(BlueprintRepository.java:198) > > at > > org.apache.aries.blueprint.container.BlueprintRepository.create(BlueprintRepository.java:137) > > at > > org.apache.aries.blueprint.container.ServiceRecipe.createRecipe(ServiceRecipe.java:368) > > at > > org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:276) > > at > > org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:246) > > at > > org.apache.aries.blueprint.container.ServiceRecipe.getService(ServiceRecipe.java:325) > > at > > org.apache.aries.blueprint.container.ServiceRecipe$TriggerServiceFactory.getService(ServiceRecipe.java:430)
