Uploaded image for project: 'Spatial Information Systems'
  1. Spatial Information Systems
  2. SIS-320

Enable SIS to run is security-constrained environments

    XMLWordPrintableJSON

    Details

      Description

      Wraps some code necessary to SIS working in AccessController.doPrivileged(...) blocks. Examples:

      String dir = AccessController.doPrivileged((PrivilegedAction<String>) () -> {
          return System.getenv("SIS_DATA");
      });
      

      We should not wrap all security-sensitive request for information, but only those that are needed for SIS working. Examples:

      • Environment variable value for SIS_DATA.
      • Property value for "java.naming.factory.initial", "derby.system.home".
      • Call to Field.setAccessible(true) in clone() methods for setting final fields.

      Information for which we do not request privileged actions at this time:

      • MBean registration.
      • Property value for "java.home".
      • Call to Field.setAccessible(true) on deserialization for setting final transient fields.

      Initial patch for SIS has been submitted by Guilhem L├ęgal.

        Attachments

          Activity

            People

            • Assignee:
              desruisseaux Martin Desruisseaux
              Reporter:
              desruisseaux Martin Desruisseaux
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: