Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
0.10, 0.20, 0.30
-
None
Description
Registering SASL providers with the Java Security API requires specific SecurityManager permissions. This registration will fail if the JVM's security.policy denies it. This can happens in execution environments such as web containers.
Currently the SASL registration takes place as a side effect of protocol connection negotiation. If it fails here, it is the IO threads that see the exception, rather than the caller's thread.
The SASL registration should be moved so that we fail fast, on a thread belonging to the application.
Caused by: java.security.AccessControlException: access denied (java.security.SecurityPermission putProviderProperty.AMQSASLProvider-Client) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1698) at java.security.Provider.check(Provider.java:386) at java.security.Provider.put(Provider.java:309) at org.apache.qpid.client.security.JCAProvider.register(JCAProvider.java:68) at org.apache.qpid.client.security.JCAProvider.<init>(JCAProvider.java:55) at org.apache.qpid.client.security.DynamicSaslRegistrar.registerSaslProviders(DynamicSaslRegistrar.java:89) at org.apache.qpid.client.security.CallbackHandlerRegistry.<init>(CallbackHandlerRegistry.java:116) at org.apache.qpid.client.security.CallbackHandlerRegistry.<clinit>(CallbackHandlerRegistry.java:69)