Security and running commands.

Project: JNode Core
Component: Code
Category: task
Priority: normal
Assigned: Unassigned
Status: active
Description

Last night, I was trying to figure out why a Command class had started dying with SecurityExceptions after I converted it to use the new syntax mechanisms. The reason is that the CommandInvokers deal with the 'public static void main(...)' and 'execute(...)' entry points differently from the security perspective. A 'main' entry point is called using 'AccessController.doPrivileged(...)' but an 'execute' entry point is called directly. I'm going to temporarily change the CommandInvokers to use 'doPrivileged' for both entry points. However, I don't think this is correct.

In the long term we need a better way to manage security for commands. It is a bad idea to remove all security restrictions when running commands. Rather, we need a way to selectively grant permissions, based on the command (is it trusted?) and the user (is he/she running with elevated ... or restricted ... privileges).
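The following is an added illustration, not JNode's own CommandInvoker code, of the three dispatch styles the description contrasts: a 'main'-style call wrapped in AccessController.doPrivileged (command inherits the invoker's full permissions), a direct 'execute'-style call (the command's own protection domain stays on the stack, so a restrictive policy for that domain produces a SecurityException), and a selective grant that runs the command under an AccessControlContext carrying only a named set of permissions. The ExampleCommand interface, ExampleCommandInvoker class, and the permissive Policy installed in main are constructed for the demo; the only real APIs used are the java.security ones. It relies on the legacy SecurityManager/AccessController model that JNode's design depends on, which is deprecated in current JDKs (JDK 18 to 23 need -Djava.security.manager=allow to install a SecurityManager, and JDK 24 removes it).

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

/** Hypothetical command contract; JNode's real Command class is not reproduced here. */
interface ExampleCommand {
    String name();
    void execute();
}

/** Hypothetical invoker showing the three ways a command can be dispatched. */
final class ExampleCommandInvoker {

    /** 'main' style: the command runs with the invoker's full permissions. */
    static void invokeFullyPrivileged(ExampleCommand cmd) {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            cmd.execute();
            return null;
        });
    }

    /** 'execute' style: no doPrivileged, so every domain on the call stack is checked,
     *  including the command's own. A restrictive policy for that domain means SecurityException. */
    static void invokeDirect(ExampleCommand cmd) {
        cmd.execute();
    }

    /** Selective grant: build a static ProtectionDomain holding only the listed permissions
     *  and run the command under it. checkPermission must now pass both the caller's
     *  domains and this reduced context, so the command can do no more than 'granted' allows. */
    static void invokeWithPermissions(ExampleCommand cmd, Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        // Two-argument ProtectionDomain is static: the Policy is not consulted for it.
        ProtectionDomain limited =
            new ProtectionDomain(new CodeSource(null, (Certificate[]) null), perms);
        AccessControlContext reduced = new AccessControlContext(new ProtectionDomain[] { limited });
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            cmd.execute();
            return null;
        }, reduced);
    }
}

public class CommandSecurityDemo {

    /** Constructed command: reading a system property needs PropertyPermission(key, "read"). */
    static ExampleCommand propertyReader(String key) {
        return new ExampleCommand() {
            public String name() { return "read-" + key; }
            public void execute() {
                System.out.println(name() + " = " + System.getProperty(key));
            }
        };
    }

    public static void main(String[] args) {
        // Demo setup (constructed): a Policy that grants everything to every domain, so the
        // only restriction in play is the one the invoker builds in invokeWithPermissions.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager()); // JDK 18-23: -Djava.security.manager=allow

        ExampleCommand home = propertyReader("user.home");

        ExampleCommandInvoker.invokeFullyPrivileged(home);   // allowed: invoker's full permissions
        ExampleCommandInvoker.invokeDirect(home);            // allowed here only because the policy is permissive
        ExampleCommandInvoker.invokeWithPermissions(home,
            new PropertyPermission("user.home", "read"));    // allowed: the needed permission was granted

        try {
            // Grant an unrelated permission only; the read of user.home is now denied
            // even though the invoker itself holds every permission.
            ExampleCommandInvoker.invokeWithPermissions(home,
                new PropertyPermission("java.version", "read"));
        } catch (SecurityException e) {
            System.out.println("denied by the reduced context: " + e.getMessage());
        }
    }
}
```

The point of the third style is that trust decisions move into the invoker: the set of permissions handed to invokeWithPermissions can be computed from the command (is it trusted?) and the current user (elevated or restricted), rather than choosing between all permissions (doPrivileged) and whatever the policy happens to grant the command's code source (direct call).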

This is an issue that needs to be properly thought through ... and then the solution needs to be carefully implemented.