JDK-6419572 : JMX implementations should be allowed to make permission checks even if no SecurityManager
Type: Enhancement
Component: core-svc
Sub-Component: javax.management
Affected Version: 6
Priority: P3
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic
Submitted: 2006-04-28
Updated: 2017-05-16
Resolved: 2006-06-21
The JMX spec says (in the PDF document and in the API documentation for javax.management.MBeanServer) that permission checks are made if and only if there is a non-null SecurityManager.
Comments
SUGGESTED FIX
Change this sentence in the Javadoc for MBeanServer:
"First, if there is no security manager (System.getSecurityManager() is null), then no checks are made."
to this:
"First, if there is no security manager (System.getSecurityManager() is null), then an implementation of this interface is free not to make any checks."
Likewise, in the security chapter of the JMX spec, change this:
"The security checks described in this chapter are only performed when there is a security manager. That is, if System.getSecurityManager() returns null, then no checks are performed."
to this:
"The security checks described in this chapter must be performed when there is a security manager. That is, if System.getSecurityManager() does not return null, then authorization checks must be performed. An implementation of the MBeanServer interface is free to perform the checks even if there is no security manager but it is not required to."
06-06-2006
EVALUATION
Spec-only change. We cannot change the JDK so that it starts checking permissions even if there is no SecurityManager, at least not by default, since that would be incompatible. We could provide another mechanism to ask for permission checks, but that is the subject of another RFE.
The most important outcome of this change would be that independent implementations could provide alternative mechanisms to ask for permission checks to be made. Also, alternative MBeanServer implementations plugged in via the MBeanServerBuilder mechanism could make checks and remain compatible with the specification of the MBeanServer interface.
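The following sketch illustrates the last point above: an MBeanServer plugged in via MBeanServerBuilder that makes MBeanPermission checks whether or not a SecurityManager is installed. It is an added example, not code from the JDK or from this report; the class name `CheckingBuilder`, the static `GRANTED` policy and the restriction to three operations are assumptions made for illustration, and it requires Java 8 or later for the lambda.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Arrays;
import java.util.List;
import javax.management.*;

// Added example. Select with -Djavax.management.builder.initial=CheckingBuilder
public class CheckingBuilder extends MBeanServerBuilder {
    // Hypothetical static policy standing in for "another mechanism to ask for checks".
    static final PermissionCollection GRANTED = new Permissions();
    static { GRANTED.add(new MBeanPermission("*#*[java.lang:*]", "getAttribute")); }
    // Only these three operations are checked here; everything else passes through.
    static final List<String> CHECKED = Arrays.asList("getAttribute", "setAttribute", "invoke");

    @Override
    public MBeanServer newMBeanServer(String domain, MBeanServer outer, MBeanServerDelegate delegate) {
        MBeanServer[] inner = new MBeanServer[1];
        MBeanServer checking = (MBeanServer) Proxy.newProxyInstance(
            CheckingBuilder.class.getClassLoader(), new Class<?>[] {MBeanServer.class},
            (proxy, method, args) -> {
                if (CHECKED.contains(method.getName())) {
                    ObjectName name = (ObjectName) args[0];
                    // Second argument is the attribute name, the Attribute, or the operation name.
                    String member = args[1] instanceof Attribute
                        ? ((Attribute) args[1]).getName() : (String) args[1];
                    String cls = inner[0].getObjectInstance(name).getClassName();
                    MBeanPermission needed = new MBeanPermission(cls, member, name, method.getName());
                    // No System.getSecurityManager() test: the check is made regardless.
                    if (!GRANTED.implies(needed)) throw new SecurityException("denied: " + needed);
                }
                try { return method.invoke(inner[0], args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            });
        // Hand the checking wrapper to MBeans as their MBeanServer unless an outer one is given.
        inner[0] = super.newMBeanServer(domain, outer == null ? checking : outer, delegate);
        return checking;
    }

    public static void main(String[] argv) throws Exception {
        System.setProperty("javax.management.builder.initial", CheckingBuilder.class.getName());
        MBeanServer mbs = java.lang.management.ManagementFactory.getPlatformMBeanServer();
        System.out.println(mbs.getAttribute(new ObjectName("java.lang:type=Runtime"), "VmName"));
        try {
            mbs.invoke(new ObjectName("java.lang:type=Memory"), "gc", null, null);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The static `GRANTED` collection applies to every caller alike; a deployment that needs per-caller decisions would have to supply the caller's identity to the check by some other means.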