hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shevek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5740) Hadoop JSP pages don't work under a security manager
Date Tue, 28 Apr 2009 15:57:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703691#action_12703691

Shevek commented on HADOOP-5740:

bq. Is it ok to return a new empty permission collection on the getPermissions(CodeSource)
call? It won't impact hadoop's own code.

In general, this will cause a SecurityManager to fail any permissions check involving code
in a ProtectionDomain which was instantiated over that CodeSource. A CodeSource is (approximately)
a URI, and a ProtectionDomain is effectively a Set of classes loaded from that URI with a
common set of permissions.

Forgive my lack of deep understanding of this specific instance of the application of the
security manager, but in general, if ANY frame on the stack (AccessControlContext being a
list of ProtectionDomains) has a PermssionCollection which does not contain the required permission,
then the security check will fail. You might better relay or delegate the call and make a
writable copy of the returned value from the underlying policy, otherwise you will break a
great number of things very badly for anybody who does require a SecurityManager.

With a little more understanding of the instance, I could be much more helpful. I am sorry
that time forbids random speculative interest, but if you are stuck, I will gladly look further
into it.

> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>                 Key: HADOOP-5740
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5740
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: fs, mapred
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: hadoop-5740.patch
> When you run Hadoop under a security manager that says "yes" to all security checks,
you get stack traces when Jetty tries to initialise the JSP engine. Which implies you can't
use Jasper under a security manager

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message