Red Hat Bugzilla – Bug 786106
trying to call ProxyFactory methods inside CLI alert scripts throws AccessControlExceptions
Last modified: 2013-08-31 06:13:12 EDT
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create CLI script that uses ProxyFactory to obtain some resource (ProxyFactory.getResource(10001)), create alert, attach the script as one of its notifications.
2. Let the alert fire
In the alert history, review the cli notification results - it shows an access control exception
No access control exception should have been thrown
Author: Lukas Krejci <firstname.lastname@example.org>
Date: Tue Jan 31 14:35:07 2012 +0100
[BZ 786106] Wrap calls to obtain managers in privileged blocks so that 3rd
callers can safely obtain them.
The StandardBindings put all the managers into the script context before
the script engine is initialized with the security measures which makes
the managers available inside the scripts. Java code that gets injected as
other params into the scripts (like the "ProxyFactory" (of class
ResourceClientFactory) would suffer from access control exceptions when
it tried to obtain some manager while being called from the script because
it would try to call the methods from the LocalClient to obtain the remote
interfaces directly, without a wrapping in a privileged block). Obtaining
the remote interfaces is a safe operation wrt the scripts and so can be
wrapped in privileged block so that any caller of the LocalClient can
have access to the regardless of the access control restrictions in place.
created alert ... with CLI script as described in the description. alert fired many times. did not see access control exceptions in the server log.
Making this BZ block the correct tracker.
Bulk close of old bugs in VERIFIED state.