Skip to main content

SecurityManagerImpl.java is this right?

2 replies [Last post]
david_crandall
Offline
Joined: 2010-01-05
Points: 0

I ran into a problem with 1.1.4 in SecurityManagerImpl:

// Check permission (in context of AccessControlContext)
if (ENABLE_CHECK_PERMISSIONS)
((SecurityContext)context).acc.checkPermission (perm);
else if (Logging.LOGGING)
{
try
{
((SecurityContext)context).acc.checkPermission(perm);
}
catch(SecurityException e)
{
log.warn("Need PrivilegedAction?", e);
}
}

it seems odd that we would check if we're checking permissions, but if we aren't checking permissions, and logging is turned on, we do the same things anyway.

Is that right?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
greg80303
Offline
Joined: 2008-07-03
Points: 0

You are correct, this is just ugly code. The ENABLE_CHECK_PERMISSIONS flag is an outdated setting that we do not need anymore. You can disable security by overriding the security manager definition in your final.properties file like this:

OCAP.mgrmgr.manager.OcapSecurity=org.cablelabs.impl.manager.security.NoAccessControl

I'll probably just end up getting rid of the logging -- its not very helpful anyway. Thank you for pointing this out.

G

david_crandall
Offline
Joined: 2010-01-05
Points: 0

Regarding logging: It WILL let you know if there's an issue, without logging... and how. :)

Message was edited by: david_crandall