[jira] Updated: (YOKO-302) Cannot run yoko without permission to create a security manager

Sun, 04 Mar 2007 17:41:11 -0800 

     [ 
https://issues.apache.org/jira/browse/YOKO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Jencks updated YOKO-302:
------------------------------

    Attachment: YOKO-302-2.patch

Rick pointed out that my first patch is entirely against the classloading 
behavior in the spec, and that wrapping the attempt to create the security 
manager in a PrivilegedAction might let it proceed in all reasonable 
environments.  The attached patch does that and works fine in my environment.

> Cannot run yoko without permission to create a security manager
> ---------------------------------------------------------------
>
>                 Key: YOKO-302
>                 URL: https://issues.apache.org/jira/browse/YOKO-302
>             Project: Yoko - CORBA Server
>          Issue Type: Bug
>          Components: orb core
>    Affects Versions: v1.0-incubating-M2
>            Reporter: David Jencks
>         Attachments: YOKO-302-2.patch, YOKO-302.patch
>
>
> I've run into a situation where I'm trying to use yoko in an environment 
> where it doesn't have permission to create a security manager.  UtilImpl and 
> UtilLoader have the same code with a static field
>     // Note: this field must be declared before the static intializer that 
> calls Util.loadClass
>     // since that method will call loadClass0 which uses this field... if it 
> is below the static
>     // initializer the _secman field will be null
>     private static final SecMan _secman = new SecMan();
>     static class SecMan extends java.rmi.RMISecurityManager {
>         public Class[] getClassContext() {
>             return super.getClassContext();
>         }
>     }
> which is used in an attempt to load a class:
>         ClassLoader stackLoader = null;
>         Class[] stack = _secman.getClassContext();
>         for (int i = 1; i < stack.length; i++) {
>             stackLoader = stack[i].getClassLoader();
>             if (stackLoader != null)
>                 break;
>         }
>         if (stackLoader != null) {
>             try {
>                 result = stackLoader.loadClass(name);
>             } catch (ClassNotFoundException ex) {
>                 // skip //
>             }
>             if (result != null) {
>                 return result;
>             }
>         }
> obviously, in an environment where we don't have permission to create a 
> security manager this will fail.
> Patching the code to continue if it can't create the security manager works 
> fine for the situation I've encountered.  Are there any other bad effects?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to