j.m.u.FactoryFinder.factoryFromServiceLoader needs PrivilegedAction #621
Comments
If someone creates a pull request that addresses this issue and the change is approved, could that change be included in a Jakarta Mail 2.1.1 service release?
jbescos added a commit to jbescos/mail that referenced this issue on Oct 4, 2022: …akartaee#621 Signed-off-by: Jorge Bescos Gascon <jorge.bescos.gascon@oracle.com>
jbescos added a commit to jbescos/mail that referenced this issue on Oct 4, 2022: …akartaee#621 Signed-off-by: Jorge Bescos Gascon <jorge.bescos.gascon@oracle.com>
lukasj pushed a commit that referenced this issue on Oct 4, 2022: (#622) Signed-off-by: Jorge Bescos Gascon <jorge.bescos.gascon@oracle.com>
Describe the bug
Using the service load approach jakarta.mail.util.FactoryFinder.factoryFromServiceLoader with an active security fails in an AppServer environment. The user space app would be forced to grant the permission. This is what we got in WildFly 27:
Here is the stack trace https://gist.github.com/jamezp/0c413ca12a51c5f39843702cdd003ddb
This is where the issue would be https://github.com/eclipse-ee4j/mail/blob/c424303d5dafab2921c3893085a6662f69550ef5/api/src/main/java/jakarta/mail/util/StreamProvider.java#L176-L178. Specifically this https://github.com/eclipse-ee4j/mail/blob/c424303d5dafab2921c3893085a6662f69550ef5/api/src/main/java/jakarta/mail/util/FactoryFinder.java#L130. That would need to be in a privileged action.
Expected behavior
Use a PrivilegedAction to load the service, sample code here: https://github.com/eclipse-ee4j/mail/blob/c424303d5dafab2921c3893085a6662f69550ef5/api/src/main/java/jakarta/mail/util/FactoryFinder.java#L90
Additional context
A cleaner approach could be a spec-defined permission check on accessing the mail API, i.e. a general permission we could apply to the deployment - then internally, once that permission check has been performed, use a doPrivileged to drop the caller's protection domain from the specific permissions check, as the caller does not need to know about the details.
Discussion about the bug started here
https://wildfly.zulipchat.com/#narrow/stream/174184-wildfly-developers/topic/Jakarta.20Mail
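The change requested in this issue, shown as an added example that is not code from the issue or from Jakarta Mail: a ServiceLoader lookup wrapped in a PrivilegedAction so that the permission check stops at the library's own protection domain instead of walking into the deployment's. The class PrivilegedServiceLookup, the method firstProvider and the Greeter service type are hypothetical names chosen for illustration.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.ServiceLoader;

// Hypothetical helper for illustration; not the Jakarta Mail FactoryFinder.
public final class PrivilegedServiceLookup {

    private PrivilegedServiceLookup() {}

    /**
     * Returns the first registered provider of the given service type, or null.
     * Kept package-private on purpose: a privileged lookup should only be reachable
     * for service types the library itself chooses, never for caller-supplied ones,
     * otherwise callers borrow the library's permissions.
     */
    @SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
    static <T> T firstProvider(final Class<T> service) {
        // The cast selects the PrivilegedAction overload of doPrivileged.
        return AccessController.doPrivileged((PrivilegedAction<T>) () -> {
            // ServiceLoader is lazy: providers are located and instantiated in
            // hasNext()/next(), so the iteration has to run inside the privileged
            // block as well, not only the call to ServiceLoader.load().
            Iterator<T> providers = ServiceLoader.load(service).iterator();
            return providers.hasNext() ? providers.next() : null;
        });
    }

    // Constructed service type so the example runs without any provider on the class path.
    public interface Greeter {
        String greet();
    }

    public static void main(String[] args) {
        Greeter greeter = firstProvider(Greeter.class);
        System.out.println(greeter == null ? "no provider registered" : greeter.greet());
    }
}
```

Provider constructors still run with their own protection domain on the stack, so the privileged block covers the lookup performed by the library and does not raise the privileges of the provider code itself.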