4 files changed, 149 insertions, 6 deletions

diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
index 56e28bd870..97af9ecf2b 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
@@ -43,6 +43,7 @@ import javax.security.auth.Subject;
 import org.apache.log4j.Logger;
 
 import org.apache.qpid.exchange.ExchangeDefaults;
+import org.apache.qpid.pool.SuppressingInheritedAccessControlContextThreadFactory;
 import org.apache.qpid.server.configuration.BrokerProperties;
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.connection.ConnectionRegistry;
@@ -1386,7 +1387,7 @@ public abstract class AbstractVirtualHost<X extends AbstractVirtualHost<X>> exte
     @StateTransition( currentState = { State.UNINITIALIZED,State.ERRORED }, desiredState = State.ACTIVE )
     private void onActivate()
     {
-        _houseKeepingTasks = new ScheduledThreadPoolExecutor(getHousekeepingThreadCount());
+        _houseKeepingTasks = new ScheduledThreadPoolExecutor(getHousekeepingThreadCount(), new SuppressingInheritedAccessControlContextThreadFactory());
 
         MessageStore messageStore = getMessageStore();
         messageStore.openMessageStore(this);
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/pool/ReferenceCountingExecutorService.java b/qpid/java/common/src/main/java/org/apache/qpid/pool/ReferenceCountingExecutorService.java
index a6df71464b..c9fbd824c5 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/pool/ReferenceCountingExecutorService.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/pool/ReferenceCountingExecutorService.java
@@ -21,7 +21,6 @@
 package org.apache.qpid.pool;
 
 import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.ThreadPoolExecutor;
@@ -82,10 +81,8 @@ public class ReferenceCountingExecutorService
     /** Holds the number of executor threads to create. */
     private int _poolSize = Integer.getInteger("amqj.read_write_pool_size", DEFAULT_POOL_SIZE);
 
-    /** Thread Factory used to create thread of the pool.   Uses the default implementation provided by
-     *  {@link java.util.concurrent.Executors#defaultThreadFactory()} unless reset by the caller.
-     */
-    private ThreadFactory _threadFactory = Executors.defaultThreadFactory();
+    /** Thread Factory used to create thread of the pool. */
+    private ThreadFactory _threadFactory = new SuppressingInheritedAccessControlContextThreadFactory();
 
     /**
      * Retrieves the singleton instance of this reference counter.
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactory.java b/qpid/java/common/src/main/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactory.java
new file mode 100644
index 0000000000..37ce8f5d67
--- /dev/null
+++ b/qpid/java/common/src/main/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactory.java
@@ -0,0 +1,50 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.pool;
+
+
+import javax.security.auth.Subject;
+import java.security.PrivilegedAction;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ThreadFactory;
+
+/**
+ * <code>ThreadFactory</code> to create threads with empty inherited  <code>java.security.AccessControlContext</code>
+ * <p></p>
+ * It delegates thread creation to <code>Executors</code> default thread factory.
+ */
+public class SuppressingInheritedAccessControlContextThreadFactory implements ThreadFactory
+{
+    private final ThreadFactory _defaultThreadFactory = Executors.defaultThreadFactory();
+
+    @Override
+    public Thread newThread(final Runnable runnable)
+    {
+        return Subject.doAsPrivileged(null, new PrivilegedAction<Thread>()
+                                            {
+                                                @Override
+                                                public Thread run()
+                                                {
+                                                    return _defaultThreadFactory.newThread(runnable);
+                                                }
+                                            }, null);
+    }
+}
diff --git a/qpid/java/common/src/test/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactoryTest.java b/qpid/java/common/src/test/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactoryTest.java
new file mode 100644
index 0000000000..b8cf8a40b0
--- /dev/null
+++ b/qpid/java/common/src/test/java/org/apache/qpid/pool/SuppressingInheritedAccessControlContextThreadFactoryTest.java
@@ -0,0 +1,95 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.pool;
+
+
+import javax.security.auth.Subject;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.util.Collections;
+import java.util.Set;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SuppressingInheritedAccessControlContextThreadFactoryTest extends QpidTestCase
+{
+    public void testAccessControlContextIsNotInheritedByThread() throws Exception
+    {
+        final String principalName = getName();
+        final CountDownLatch latch = new CountDownLatch(1);
+
+        final AtomicReference<AccessControlContext> threadAccessControlContextCapturer = new AtomicReference<>();
+        final AtomicReference<AccessControlContext>  callerAccessControlContextCapturer = new AtomicReference<>();
+
+        final Set<Principal> principals = Collections.<Principal>singleton(new Principal()
+        {
+            @Override
+            public String getName()
+            {
+                return principalName;
+            }
+
+            @Override
+            public String toString()
+            {
+                return "Principal{" + getName() + "}";
+            }
+        });
+
+        Subject subject = new Subject(false, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
+
+        Subject.doAs(subject, new PrivilegedAction<Void>()
+        {
+            @Override
+            public Void run()
+            {
+                callerAccessControlContextCapturer.set(AccessController.getContext());
+                SuppressingInheritedAccessControlContextThreadFactory factory = new SuppressingInheritedAccessControlContextThreadFactory();
+                factory.newThread(new Runnable()
+                {
+
+                    public void run()
+                    {
+                        threadAccessControlContextCapturer.set(AccessController.getContext());
+                        latch.countDown();
+                    }
+
+                }).start();
+                return null;
+            }
+        });
+
+        latch.await(3, TimeUnit.SECONDS);
+
+        Subject callerSubject = Subject.getSubject(callerAccessControlContextCapturer.get());
+        Subject threadSubject = Subject.getSubject(threadAccessControlContextCapturer.get());
+
+        assertEquals("Unexpected subject in main thread", callerSubject, subject);
+        assertNull("Unexpected subject in executor thread", threadSubject);
+
+    }
+
+}