Bug 1013793

Summary: AccessController loses Subject and DomainCombiner in AccessController.doPrivileged(PrivilegedAction, AccessControlContext)
Product: Red Hat Enterprise Linux 5 Reporter: Brandon Heck <brandon.heck>
Component: java-1.6.0-openjdkAssignee: Deepak Bhole <dbhole>
Status: CLOSED WONTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.8   
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-15 19:20:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Test case for reproducing the issue. none

Description Brandon Heck 2013-09-30 19:23:12 UTC
Created attachment 805480 [details]
Test case for reproducing the issue.

Description of problem:
I am seeing an issue on RHEL 5.8 with the build of OpenJDK. The Subject on the AccessControlContext is lost during an invocation of AccessController.doPrivileged(PrivilegedAction, AccessControlContext).


Version-Release number of selected component (if applicable):
Seen on:
RHEL 5.8
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.11.90) (rhel-1.41.1.11.11.90.el5_9-i386)

Not seen on:
RHEL 5.8
java version "1.6.0_22"
OpenJDK Runtime Environment (IcedTea6 1.10.8) (rhel-1.27.1.10.8.el5_8-i386)

Windows 7
java version 1.6.0_24
HotSpot VM


How reproducible:
Test case attached.

The test case follows this flow:
Subject is created
Subject.doAs(Subject, PrivilegedAction[1]) is called
PrivilegedAction[1] is given the AccessControlContext and spawns a new thread
New thread uses AccessControlContext to run a privileged action with AccessController.doPrivileged(PrivilegedAction[2], AccessControlContext)
PrivilegedAction[2] calls Subject.getSubject(AccessController.getContext()), the returned subject is null. Additionally, the DomainCombiner on the AccessControlContext is null.


Steps to Reproduce:
Run the attached test case. The main method is in com.brandon.example.RunnableTest


Actual results:
Subject is null, test case throws an IllegalStateException


Expected results:
Subject is the same as the subject on the AccessControlContext which is used to run the privileged action, test case does not throw an IllegalStateException


Additional info:
The test case attached will throw an IllegalStateException if the subject in the nested PrivilegedAction is null. This may not be the only way to reproduce the issue, but this is the workflow of the application that exhibited the issue.

Comment 2 Andrius Benokraitis 2013-10-15 19:20:26 UTC
No additional minor releases are planned for Production Phase 2 in Red Hat Enterprise Linux 5, and therefore Red Hat is closing this bugzilla as it does not meet the inclusion criteria as stated in:
https://access.redhat.com/site/support/policy/updates/errata/#Production_2_Phase