Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
jtsk_2.1
-
None
-
6305654
Description
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6305654
Certain deployment-oriented classes in the com.sun.jini. customer package:
AccessILFactory
InstantiatorAccessExporter
MonitorAccessExporter
SystemAccessExporter
SystemAccessILFactory
SystemAccessILFactory.SystemDispatcher
SystemAccessProxyTrustILFactory
describe an access control behavior of only accepting "calls from the local host", but what that means isn't precisely spelled out.
With the current implementation, it specifically means that if, in the dispatched call, there is a ServerContext and it contains an element that is an instance of ClientHost, then if the InetAddress returned by ClientHost.getClientHost is not a local network interface (according to NetworkInterface.getByInetAddress), the call will be rejected; in all other cases, the call will be accepted.
This means that a call received because of an IiopExporter will always be accepted (because there will not be a ServerContext at all). It also means that a call received because of a BasicJeriExporter with a server endpoint that does not populate the inbound request context with a ClientHost will always be accepted-- this could be desirable if the transport provider is local (such as a shared memory transport), but not if the transport provider is non-local but not IP-based, so there is no meaningful ClientHost InetAddress.
Whether or not the current implementation of "calls from the local host" is ultimately desirable, the documentation should be updated to clarify what it means, so that deployers can make more informed decisions about what kind of access control it provides when combined with different kinds of exporters or JERI transport providers.