Bug 967622
Summary: | Server CLI script can't require modules from rhq://downloads | |||
---|---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Filip Brychta <fbrychta> | |
Component: | CLI, Core Server | Assignee: | Lukas Krejci <lkrejci> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.7 | CC: | hrupp, lkrejci | |
Target Milestone: | --- | |||
Target Release: | RHQ 4.8 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 967675 (view as bug list) | Environment: | ||
Last Closed: | 2013-09-11 09:52:50 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 967675 |
Description
Filip Brychta
2013-05-27 15:56:04 UTC
commit eeffaed93e68612eb6a88226479702d4f373e510 Author: Lukas Krejci <lkrejci> Date: Tue May 28 03:11:56 2013 +0200 [BZ 967622 - Server CLI script can't require modules from rhq://downloads] This was primarily caused by a new permission required by EAP 6.1 we've switched to. To access the ModelControllerClient, the code now needs a RuntimePermission("canAccessModelController"). We need the ModelControllerClient when determining the EAR installation dir, which we in turn need when determining where to locate the scripts in the "rhq://downloads" location. This is done while running a script, which is done in a restricted access control context which does not and should not have that permission. The minimal fix is to wrap the getting of the ModelControllerClient in a privileged action but some more "defensive" code was added in the RhqDownloadScriptSourceProvider, too, to guard against different times it might get instantiated during the script execution. Javadocs were updated to warn about the security considerations when writing a script source provider available on the server side. Verified on: Version: 4.8.0-SNAPSHOT Build Number: eeffaed Bulk closing of old issues now that HRQ 4.9 is in front of the door. If you think the issue has not been solved, then please open a new bug and mention this one in the description. |