Bug ID: JDK-6343209 Need to specify how SubjectDelegationPermission works for ConnectorServer creators

JDK-6343209 : Need to specify how SubjectDelegationPermission works for ConnectorServer creators

Details

Type:	Bug	Submit Date:	2005-10-28
Status:	Closed	Updated Date:	2010-07-29
Project Name:	JDK	Resolved Date:	2006-06-07
Component:	core-svc	OS:	generic
Sub-Component:	javax.management	CPU:	generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	6
Fixed Versions:	6 (beta2)

Related Reports

Relates:

JDK-6261831 - JMX connector server's creator should not have to grant remote client's permissions in its codebase

Sub Tasks

Description

CR 6261831 introduced the notion of granting SubjectDelegationPermission to the creator of a ConnectorServer so that it is no longer necessary to grant that creator every permission that a remote operation over a connection might need.  However, this is not documented.

Comments

EVALUATION

Fixed in PDF spec.

2006-06-07

SUGGESTED FIX

Add to the PDF spec:

"Access Control Context

"MBean Server operations on behalf of a remote client are executed in an access control context (see java.security.AccessControlContext) where checked permissions must be held both by the authenticated Subject (or delegated Subject) and by the Subject that created the connector server. Without the latter check, an entity that had permissions to create a connector server but not some other permissions might be able to obtain those other permissions by creating a connector server and sending requests to it.

"If the Subject that created the connector server has a SubjectDelegationPermission for every Principal in the authenticated (or delegated) Subject, then its permissions are not checked for MBean Server operations. This means that there are two ways to configure the permissions of the connector server creator. Either it must have all the permissions that any remote client will need for its operations; or it must have a SubjectDelegationPermission for every Principal that a remote client will authenticate or delegate."

2006-03-15

EVALUATION

Should be documented in PDF spec chapter on security.  Could possibly find a home for it in the Javadoc spec as well.

2005-10-28

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together