QPID-5567 : Further changes to SecurityMangager

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1570239 13f79535-47bb-0310-9956-ffa450edef68
author: Robert Godfrey <rgodfrey@apache.org> 2014-02-20 15:46:29 +0000
committer: Robert Godfrey <rgodfrey@apache.org> 2014-02-20 15:46:29 +0000
commit: 608a0bb1b83fd2920dbc19dc2be399b27c62c1ba (patch)
tree: 72ce7b1d63c8d358aaa82d321b62caf56bccd298 /qpid/java/broker-plugins/management-jmx/src
parent: e9f5602cdf5b100a348a2f95c620805ffab803b9 (diff)
download: qpid-python-608a0bb1b83fd2920dbc19dc2be399b27c62c1ba.tar.gz
1 files changed, 22 insertions, 13 deletions
diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
index e78e59b7fc..f959977d1f 100644
--- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
+++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/MBeanInvocationHandlerImpl.java
@@ -46,6 +46,9 @@ import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
 
 /**
@@ -201,7 +204,7 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler
         }
     }
 
-    private Object authoriseAndInvoke(Method method, Object[] args) throws IllegalAccessException, InvocationTargetException
+    private Object authoriseAndInvoke(final Method method, final Object[] args) throws Throwable
     {
         String methodName;
         // Get the component, type and impact, which may be null
@@ -229,23 +232,29 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler
         Operation operation = (isAccessMethod(methodName) || impact == MBeanOperationInfo.INFO) ? Operation.ACCESS : Operation.UPDATE;
         security.authoriseMethod(operation, type, methodName);
 
-        boolean oldAccessChecksDisabled = false;
-        if(_managementRightsInferAllAccess)
+        if (_managementRightsInferAllAccess)
         {
-            oldAccessChecksDisabled = SecurityManager.setAccessChecksDisabled(true);
+            try
+            {
+                return Subject.doAs(SecurityManager.SYSTEM, new PrivilegedExceptionAction<Object>()
+                {
+                    @Override
+                    public Object run() throws IllegalAccessException, InvocationTargetException
+                    {
+                        return method.invoke(_mbs, args);
+                    }
+                });
+            }
+            catch (PrivilegedActionException e)
+            {
+                throw e.getCause();
+            }
         }
-
-        try
+        else
         {
             return method.invoke(_mbs, args);
         }
-        finally
-        {
-            if(_managementRightsInferAllAccess)
-            {
-                SecurityManager.setAccessChecksDisabled(oldAccessChecksDisabled);
-            }
-        }
+
     }
 
     private String getType(Method method, Object[] args)
author	Robert Godfrey <rgodfrey@apache.org>	2014-02-20 15:46:29 +0000
committer	Robert Godfrey <rgodfrey@apache.org>	2014-02-20 15:46:29 +0000
commit	608a0bb1b83fd2920dbc19dc2be399b27c62c1ba (patch)
tree	72ce7b1d63c8d358aaa82d321b62caf56bccd298 /qpid/java/broker-plugins/management-jmx/src
parent	e9f5602cdf5b100a348a2f95c620805ffab803b9 (diff)
download	qpid-python-608a0bb1b83fd2920dbc19dc2be399b27c62c1ba.tar.gz