United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6343209 Need to specify how SubjectDelegationPermission works for ConnectorServer creators
JDK-6343209 : Need to specify how SubjectDelegationPermission works for ConnectorServer creators

Details
Type:
Bug
Submit Date:
2005-10-28
Status:
Closed
Updated Date:
2010-07-29
Project Name:
JDK
Resolved Date:
2006-06-07
Component:
core-svc
OS:
generic
Sub-Component:
javax.management
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:

Related Reports
Relates:

Sub Tasks

Description
CR 6261831 introduced the notion of granting SubjectDelegationPermission to the creator of a ConnectorServer so that it is no longer necessary to grant that creator every permission that a remote operation over a connection might need.  However, this is not documented.

                                    

Comments
EVALUATION

Should be documented in PDF spec chapter on security.  Could possibly find a home for it in the Javadoc spec as well.
                                     
2005-10-28
SUGGESTED FIX

Add to the PDF spec:

"Access Control Context

"MBean Server operations on behalf of a remote client are executed in an access control context (see java.security.AccessControlContext) where checked permissions must be held both by the authenticated Subject (or delegated Subject) and by the Subject that created the connector server. Without the latter check, an entity that had permissions to create a connector server but not some other permissions might be able to obtain those other permissions by creating a connector server and sending requests to it.

"If the Subject that created the connector server has a SubjectDelegationPermission for every Principal in the authenticated (or delegated) Subject, then its permissions are not checked for MBean Server operations. This means that there are two ways to configure the permissions of the connector server creator. Either it must have all the permissions that any remote client will need for its operations; or it must have a SubjectDelegationPermission for every Principal that a remote client will authenticate or delegate."
                                     
2006-03-15
EVALUATION

Fixed in PDF spec.
                                     
2006-06-07



Hardware and Software, Engineered to Work Together