JDK-6343209 : Need to specify how SubjectDelegationPermission works for ConnectorServer creators
  • Type: Bug
  • Component: core-svc
  • Sub-Component: javax.management
  • Affected Version: 6
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2005-10-28
  • Updated: 2017-05-19
  • Resolved: 2006-06-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 beta2Fixed
Related Reports
Relates :  
JDK-6261831 - JMX connector server's creator should not have to grant remote client's permissions in its codebase
Description
CR 6261831 introduced the notion of granting SubjectDelegationPermission to the creator of a ConnectorServer so that it is no longer necessary to grant that creator every permission that a remote operation over a connection might need.  However, this is not documented.
Comments
EVALUATION Fixed in PDF spec.
07-06-2006
SUGGESTED FIX Add to the PDF spec: "Access Control Context "MBean Server operations on behalf of a remote client are executed in an access control context (see java.security.AccessControlContext) where checked permissions must be held both by the authenticated Subject (or delegated Subject) and by the Subject that created the connector server. Without the latter check, an entity that had permissions to create a connector server but not some other permissions might be able to obtain those other permissions by creating a connector server and sending requests to it. "If the Subject that created the connector server has a SubjectDelegationPermission for every Principal in the authenticated (or delegated) Subject, then its permissions are not checked for MBean Server operations. This means that there are two ways to configure the permissions of the connector server creator. Either it must have all the permissions that any remote client will need for its operations; or it must have a SubjectDelegationPermission for every Principal that a remote client will authenticate or delegate."
15-03-2006
EVALUATION Should be documented in PDF spec chapter on security. Could possibly find a home for it in the Javadoc spec as well.
28-10-2005