avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen McConnell <mcconn...@apache.org>
Subject [merlin] code security - ON or OFF
Date Thu, 22 Jan 2004 03:31:31 GMT

I working through the code security implementation in the composition 
and activation packages and I have a couple of questions/comments 
related to the setting of the security manager:

1.  first off - I think the setting of the security manager should
     probably be moved to the repository package DefaultInitialContext
     class - this class is the entry point for bootstrapping merlin
     and creating the initial merlin classloaders

2.  second point - the decision to enable security is currently
     based on a true/false property which functions perfectly,
     however - there are usage problems:

     -  Take the Hello component - if I simply run the Hello build,
        the default behavior is that a merlin kernel is launched
        (via avalon-repository DefaultInitialContext).  The kernel
        grabs the default kernel configuration, sets security
        enabled to true.  DefaultBlock kicks in, security manager
        is assigned - everything proceeds except for two things:

         (a) proxy creation is not possible to to insufficient
             permission
         (b) jvm exit is not possible due to insufficient
             permission

     -  What I have been trying to figure out is how to detect if
        the assignment of the security manager will in effect
        invalidate the normal function of the container.

I.e. want I want figure out is a function:

     boolean isAssociationOfASecurityManagerPractical()
     {
         // some smart code that makes sure we will have
         // the necessary privs to function normally
     }

The important point here is that the kernel will be running in 
environments that we are not in control of - and in this respect we need 
to be adaptive and make sure we don't block an application because we 
have assigned the SecurityManager in an host that is running in default 
mode.

Any thoughts?

Cheers, Steve.

-- 

|------------------------------------------------|
| Magic by Merlin                                |
| Production by Avalon                           |
|                                                |
| http://avalon.apache.org/merlin                |
| http://dpml.net/merlin/distributions/latest    |
|------------------------------------------------|


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@avalon.apache.org
For additional commands, e-mail: dev-help@avalon.apache.org


Mime
View raw message