-
Bug
-
Resolution: Fixed
-
P3
-
1.2.0
-
1.1.6
-
sparc
-
solaris_2.5
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2018906 | 1.2.0 | Peter Jones | P3 | Resolved | Fixed | 1.2beta3 |
To avoid the potential long delay of waiting for a failing DNS host name
resolution before attempting to fall back to HTTP tunnelling, in default HTTP
proxy fallback mode, RMI makes its first attempt to connect to a host in a
separate thread, while it prepares to make a connection over HTTP. The problem
is that this AsyncConnector thread is created (like all other RMI system
threads) in a privileged block, so it does not inherit the AccessControlContext
of the thread that is really trying to make the connection. Therefore, the
security check for the first RMI call to a given host may succeed when it should
not. Subsequent calls will correctly fail, either creating a new connection to
the same host, or reusing an existing connection to the same host.
resolution before attempting to fall back to HTTP tunnelling, in default HTTP
proxy fallback mode, RMI makes its first attempt to connect to a host in a
separate thread, while it prepares to make a connection over HTTP. The problem
is that this AsyncConnector thread is created (like all other RMI system
threads) in a privileged block, so it does not inherit the AccessControlContext
of the thread that is really trying to make the connection. Therefore, the
security check for the first RMI call to a given host may succeed when it should
not. Subsequent calls will correctly fail, either creating a new connection to
the same host, or reusing an existing connection to the same host.
- backported by
-
JDK-2018906 async connect thread doesn't attempt connections in right access control context
-
- Resolved
-
- relates to
-
-
- Closed
-