1 4 5 6 7 8 Previous Next 116 Replies Latest reply on Nov 28, 2008 3:21 PM by anil.saldhana Go to original post
      • 105. Re: VFS Permissions - JBMICROCONT-149
        starksm64

        So you have org.jboss.aspect.TCCL which sets the TCCL that is applied a call to Thread.setContextClassLoader that uses a privileged block to isolate the caller. So the first issue is that this cannot be a mechanism to circumvent the security check for calling setContextClassLoader, so the application of the aspect has to have a security check that applies to codebase where the aspect is being applied. I'm sure the aop layer does not make this check today.

        I still think the generated bytecode in the vfsmemory: location also has a permission that is inherited from the aspect codebase so that you know what an aspect is allowed to do. Unless I have granted the setContextClassLoader to the aspect, I'm not going to be able to apply it to some call context to change the caller's ability to perform a privileged operation.

        • 106. Re: VFS Permissions - JBMICROCONT-149
          alesj

           

          "scott.stark@jboss.org" wrote:

          I still think the generated bytecode in the vfsmemory: ...

          So, with this discussion going nowhere; people claiming 100th post, not-being-AOP experts, not-being-Adrian, ...
          what's the decision on non-real VFS handlers?

          Return plain vfs url or some re-producible url?
          As I doubt UnsuppOpException is useful.
          Although it would be the only one valid ... ;-)

          • 107. Re: VFS Permissions - JBMICROCONT-149
            flavia.rainone

            Regarding the AOP part of this discussion, I have no idea of what needs to be done, I am an AOP expert, but not an AOP-VFS integration expert ;-)

            I think we should wait for Kabir to return from his vacation (next Monday) to see what he says about this.

            Disclaimer: I'm not Ales, Adrian, Scott, Kabir, Anil, etc, etc, etc. :P

            • 108. Re: VFS Permissions - JBMICROCONT-149
              alesj

               

              "flavia.rainone@jboss.com" wrote:

              I think we should wait for Kabir to return from his vacation (next Monday) to see what he says about this.

              It's not an AOP issue.
              AOP just uses VFS's in-memory mechanism.

              The issue is whether we should create some reproduceable
              url for in-memory stuff in InMemoryClassesDeployer.

              But I still don't see how this would help Anil's security issue,
              as it would still be a vfs url - which is THE topic of this discussion.

              There is no way to turn it into 'real' url, no matter what we do before.

              • 109. Re: VFS Permissions - JBMICROCONT-149

                 

                "alesj" wrote:
                "flavia.rainone@jboss.com" wrote:

                I think we should wait for Kabir to return from his vacation (next Monday) to see what he says about this.

                It's not an AOP issue.
                AOP just uses VFS's in-memory mechanism.

                The issue is whether we should create some reproduceable
                url for in-memory stuff in InMemoryClassesDeployer.

                But I still don't see how this would help Anil's security issue,
                as it would still be a vfs url - which is THE topic of this discussion.

                There is no way to turn it into 'real' url, no matter what we do before.


                Can't you change the in memory vfs context construction to allow you to
                specify the "RealURL". The InMemoryClassesDeployer would populate it with
                the "RealURL" of the VFS (Sub)Deployment.

                Then VFSUtils.getRealURL() would then automatically return whatever you specify
                when it delegates to the in memory vfs context.

                • 110. Re: VFS Permissions - JBMICROCONT-149
                  alesj

                   

                  "adrian@jboss.org" wrote:

                  Can't you change the in memory vfs context construction to allow you to
                  specify the "RealURL". The InMemoryClassesDeployer would populate it with
                  the "RealURL" of the VFS (Sub)Deployment.

                  Then VFSUtils.getRealURL() would then automatically return whatever you specify
                  when it delegates to the in memory vfs context.

                  Probably the only logical solution. :-)

                  Should we add similar notion for other abstract/virtual handlers?
                  e.g. Assembled, Byte, Link, ... (and/or where it makes sense)

                  • 111. Re: VFS Permissions - JBMICROCONT-149
                    dmlloyd

                    No, I disagree entirely. Actually it's fine if it's a VFS URL. We've already gotten past that problem - we can specify VFS URLs in the security policy file now without any problems.

                    The problem now is that vfsmemory URLs are not predictable. And in fact -any- VFS URL type might not have a corresponding "real" URL; I don't think this is a reliable solution.

                    I think the best solution is to have predictable/repeatable names for VFS URLs. I don't think using a UUID is really useful in practice anyway. Why not allow a name to be assigned to vfsmemory URLs? Then one could simply put the appropriate vfsmemory URL in the security policy file. If security is a concern, one could simply introduce a permission that is necessary in order to create a vfsmemory URL with a given name.

                    • 112. Re: VFS Permissions - JBMICROCONT-149
                      alesj

                       

                      "david.lloyd@jboss.com" wrote:

                      I think the best solution is to have predictable/repeatable names for VFS URLs. I don't think using a UUID is really useful in practice anyway. Why not allow a name to be assigned to vfsmemory URLs? Then one could simply put the appropriate vfsmemory URL in the security policy file. If security is a concern, one could simply introduce a permission that is necessary in order to create a vfsmemory URL with a given name.

                      I'll enable this in InMemoryClassesDeployer,
                      so the user can determine its own predictable/repeatable name.

                      By default this will still be UUID,
                      but I'll add some deployment unit based helpers.

                      • 113. Re: VFS Permissions - JBMICROCONT-149
                        alesj

                         

                        "alesj" wrote:

                        I'll enable this in InMemoryClassesDeployer,
                        so the user can determine its own predictable/repeatable name.

                        https://jira.jboss.org/jira/browse/JBDEPLOY-133

                        • 114. Re: VFS Permissions - JBMICROCONT-149
                          anil.saldhana

                          We cannot get the security manager tests to work in time for AS5GA. This is because I got the policy working for the vfs urls and now the mc releases have switched to real urls.

                          I will have to do JBAS-4154 post-GA.

                          • 115. Re: VFS Permissions - JBMICROCONT-149
                            alesj

                             

                            "anil.saldhana@jboss.com" wrote:
                            This is because I got the policy working for the vfs urls and now the mc releases have switched to real urls.

                            You can do something like this:
                            import org.jboss.classloading.spi.dependency.policy.ClassLoaderPolicyModule;
                            import org.jboss.classloading.spi.metadata.ClassLoadingMetaData;
                            import org.jboss.classloading.spi.vfs.policy.VFSClassLoaderPolicy;
                            import org.jboss.deployers.plugins.classloading.AbstractClassLoaderDescribeDeployer;
                            import org.jboss.deployers.spi.DeploymentException;
                            import org.jboss.deployers.structure.spi.DeploymentUnit;
                            import org.jboss.deployers.vfs.plugins.classloader.VFSDeploymentClassLoaderPolicyModule;
                            
                            /**
                             * VFSClassLoaderDescribeDeployer that exposes realURL flag in VFSDeploymentClassLoaderPolicyModule.
                             *
                             * @author ales.justin@jboss.org
                             */
                            public class VFSClassLoaderDescribeDeployer extends AbstractClassLoaderDescribeDeployer
                            {
                             /**
                             * The useRealURL flag.
                             */
                             private boolean useRealURL;
                            
                             protected ClassLoaderPolicyModule createModule(DeploymentUnit unit, ClassLoadingMetaData classLoadingMetaData) throws DeploymentException
                             {
                             return new UseRealFlagVFSDeploymentClassLoaderPolicyModule(unit);
                             }
                            
                             private class UseRealFlagVFSDeploymentClassLoaderPolicyModule extends VFSDeploymentClassLoaderPolicyModule
                             {
                             private UseRealFlagVFSDeploymentClassLoaderPolicyModule(DeploymentUnit deploymentUnit)
                             {
                             super(deploymentUnit);
                             }
                            
                             @Override
                             protected VFSClassLoaderPolicy determinePolicy()
                             {
                             VFSClassLoaderPolicy policy = super.determinePolicy();
                             policy.setUseRealURL(useRealURL);
                             return policy;
                             }
                             }
                            
                             /**
                             * Set use real url flag.
                             *
                             * @param useRealURL the real url flag
                             */
                             public void setUseRealURL(boolean useRealURL)
                             {
                             this.useRealURL = useRealURL;
                             }
                            }
                            


                            And change the existing VFSClassLoaderDescribeDeployer in deployers.xml.
                            Just make sure you add this class where deployers.xml classpath points to.

                            • 116. Re: VFS Permissions - JBMICROCONT-149
                              anil.saldhana

                              Ales, only if you had retained the system property for the useRealURLs. ;)

                              1 4 5 6 7 8 Previous Next