- Bug
- Resolution: Fixed
- P2
- 5.0u2
- b05
- x86
- windows_xp

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2140829 | 6 | Sunita Koppar | P2 | Closed | Not an Issue | |

They create the ORB ThreadGroup at the time of ORB creation, and this ORB ThreadGroup is not a child of the Applet's ThreadGroup but a child of the 'system' thread group. I looked at their ORBImpl code; here is what they have as a comment while creating the ThreadGroup:

Usually when somebody does getParent() on the current thread group, it should fail with a SecurityException based on standard J2SE security permissions. However, they bypassed the security check. Here is what their ThreadGroup creation looks like:

+++ Created ThreadGroup : java.lang.ThreadGroup[name=ORB ThreadGroup,maxpri=10, Parent=java.lang.ThreadGroup[name=system,maxpri=10, Parent=null]]

And the Applet's ThreadGroup is as follows:

+++ Applet's thread group : sun.applet.AppletThreadGroup[name=http://localhost:7001/Applets/-threadGroup,maxpri=4, Parent=java.lang.ThreadGroup[name=main,maxpri=10, Parent=java.lang.ThreadGroup[name=system,maxpri=10, Parent=null]]]

And since they bypassed the security checks, they could go all the way up to get the parent and were successfully able to create a child ThreadGroup on it.

After this they are trying to access this thread group (the ORB thread group) inside their ORB ThreadPool code, and it is throwing a SecurityException since it is not a child of the Applet's ThreadGroup. Here is the stack trace for it:

java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at sun.applet.AppletSecurity.checkAccess(AppletSecurity.java:162)
    at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:289)
    at java.lang.Thread.init(Unknown Source)
    at java.lang.Thread.<init>(Unknown Source)
    at com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.<init>(Unknown Source)
    at com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl.createWorkerThread(Unknown Source)
    at com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl.notifyForAvailableWork(Unknown Source)
    at com.sun.corba.se.impl.orbutil.threadpool.WorkQueueImpl.addWork(Unknown Source)
    at com.sun.corba.se.impl.transport.SelectorImpl.createReaderThread(Unknown Source)
    at com.sun.corba.se.impl.transport.SelectorImpl.registerForEvent(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.is_a(Unknown Source)
    at org.omg.CORBA.portable.ObjectImpl._is_a(Unknown Source)

###@###.### 2005-05-10 19:42:00 GMT
###@###.### 2005-05-12 06:00:57 GMT
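
The containment rule behind the exception above, as an added Java example (not code from the bug report or from the JDK): it models the sandbox check with `ThreadGroup.parentOf` and compares a group created under the root with one created inside the applet's group. It assumes no SecurityManager is installed; the class, method and group names are hypothetical.

```java
// Added illustration; class, method and group names are hypothetical.
public class ThreadGroupContainment {

    // Walk getParent() up to the root ("system") group. With no
    // SecurityManager installed, as assumed here, no permission check runs.
    static ThreadGroup root(ThreadGroup g) {
        while (g.getParent() != null) {
            g = g.getParent();
        }
        return g;
    }

    // Containment rule assumed for the sandbox: code running in callerGroup
    // may use target freely only if callerGroup is target itself or one of
    // its ancestors. Anything else would need RuntimePermission
    // "modifyThreadGroup", which is the permission denied in the trace above.
    static boolean allowedWithoutPermission(ThreadGroup callerGroup, ThreadGroup target) {
        return callerGroup.parentOf(target);
    }

    // Render the ancestry of a group from the root down, joined by " > ".
    static String path(ThreadGroup g) {
        StringBuilder sb = new StringBuilder(g.getName());
        for (ThreadGroup p = g.getParent(); p != null; p = p.getParent()) {
            sb.insert(0, p.getName() + " > ");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        ThreadGroup current = Thread.currentThread().getThreadGroup();
        // Stand-in for sun.applet.AppletThreadGroup (constructed sample).
        ThreadGroup applet = new ThreadGroup(current, "applet-threadGroup");
        // Layout from the report: the ORB group sits directly under the root.
        ThreadGroup orbUnderRoot = new ThreadGroup(root(current), "ORB ThreadGroup");
        // Alternative layout: the ORB group is created inside the applet's group.
        ThreadGroup orbUnderApplet = new ThreadGroup(applet, "ORB ThreadGroup");

        for (ThreadGroup g : new ThreadGroup[] { orbUnderRoot, orbUnderApplet }) {
            System.out.println(path(g)
                    + " -> usable from applet group without modifyThreadGroup: "
                    + allowedWithoutPermission(applet, g));
        }
    }
}
```

Only the group created inside the applet's own group passes the containment test; the one parented to the root sits outside the applet's subtree, which is the layout the report describes.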
- backported by
  - JDK-2140829 ORB applet issue JDK 5.0 u2 (Closed)