hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Gregory (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPASYNC-124) Add doPrivileged blocks to async client and connection manager builders
Date Fri, 21 Jul 2017 04:01:05 GMT

     [ https://issues.apache.org/jira/browse/HTTPASYNC-124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Gary Gregory resolved HTTPASYNC-124.
    Resolution: Fixed

In git master. Please verify and close.

> Add doPrivileged blocks to async client and connection manager builders 
> ------------------------------------------------------------------------
>                 Key: HTTPASYNC-124
>                 URL: https://issues.apache.org/jira/browse/HTTPASYNC-124
>             Project: HttpComponents HttpAsyncClient
>          Issue Type: Improvement
>            Reporter: Jay Modi
>         Attachments: builder_do_privileged.patch
> If a Java security manager is present and restricting actions (like the one used in elasticsearch),
permissions need to be granted to the code using the HttpAsyncClientBuilder when using the
`useSystemProperties` options and the call to the HttpAsyncClientBuilder#build method must
be wrapped in a AccessController#doPrivileged block. The retrieval of system properties and
the default proxy are the operations performed by the HttpAsyncClientBuilder that require
permissions to be granted or an AccessControlException will be thrown.
> In order to restrict the granting of privileges to the least amount of code necessary,
the HttpAsyncClientBuilder can wrap the privileged operations in a AccessController#doPrivileged
block. This would allow code that makes use of the HttpAsyncClient to restrict the permission
granting to the async client jar file.
> Attached is a patch that adds the AccessController#doPrivileged blocks. This relates
to work done in https://github.com/elastic/elasticsearch/pull/25757.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message