Details

    • Subcomponent:
    • Resolved In Build:
      b05
    • CPU:
      x86
    • OS:
      windows_xp

      Backports

        Description

        They create ORB ThreadGroup at the time of ORB creation and this ORB
        ThreadGroup is not child to Applet's ThreadGroup but it is child to
        'system' thread group. I looked at their ORBImpl code here is what they
        have as comment while creating ThreadGroup:
        Usually when somebody does getParent() on the current thread group, it
        should fail with the SecurityException based on standard J2SE security
        permissions. However, they by-passed the security check. Here is how their
        ThreadGroup creation looks like:
        +++ Created ThreadGroup : java.lang.ThreadGroup[name=ORB
        ThreadGroup,maxpri=10, Parent=java.lang.ThreadGroup[name=system,maxpri=10,
        Parent=null]]
        And Applet's ThreadGroup is as follows:
        +++ Applet's thread group :
        sun.applet.AppletThreadGroup[name=http://localhost:7001/Applets/-threadGroup,maxpri=4,
        Parent=java.lang.ThreadGroup[name=main,maxpri=10,
        Parent=java.lang.ThreadGroup[name=system,maxpri=10, Parent=null]]]

        And since they by-passed the security checks they could go all the up for
        the getting the parent and successfully able to create a child ThreadGroup
        on it.

        After this they are trying to access this thread group (ORB thread group)
        inside their orb ThreadPool code and it is throwing SecurityException
        since it is not child to Applet's ThreadGroup. Here is the stack trace for it:
        java.security.AccessControlException: access denied
        (java.lang.RuntimePermission modifyThreadGroup)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at sun.applet.AppletSecurity.checkAccess(AppletSecurity.java:162)
        at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:289)
        at java.lang.Thread.init(Unknown Source)
        at java.lang.Thread.<init>(Unknown Source)
        at
        com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.<init>(Unknown
        Source)
        at
        com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl.createWorkerThread(Unknown
        Source)
        at
        com.sun.corba.se.impl.orbutil.threadpool.ThreadPoolImpl.notifyForAvailableWork(Unknown
        Source)
        at com.sun.corba.se.impl.orbutil.threadpool.WorkQueueImpl.addWork(Unknown
        Source)
        at com.sun.corba.se.impl.transport.SelectorImpl.createReaderThread(Unknown
        Source)
        at com.sun.corba.se.impl.transport.SelectorImpl.registerForEvent(Unknown
        Source)
        at
        com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(Unknown
        Source)
        at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(Unknown
        Source)
        at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.is_a(Unknown Source)
        at org.omg.CORBA.portable.ObjectImpl._is_a(Unknown Source)

        ###@###.### 2005-05-10 19:42:00 GMT
        ###@###.### 2005-05-12 06:00:57 GMT

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  kcavanauorcl Ken Cavanaugh (Inactive)
                  Reporter:
                  btellasunw Bhanu Tella (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: