[wildfly-dev] Permissions in WildFly Core

[Josef Cacek]

Hi *,

Is there a way how to configure Java security permissions in WildFly Core?
If not, is there any reason why not to move the wildfly-security-manager from WildFly into WildFly Core?

I'm investigating failing tests in WildFly Core testsuite ([1],[2]) when security manager is enabled.

The problem is, security manager is in place and I'm not able to define permissions for deployments
- using policy file (configured by java.security.policy system property) doesn't work for me;
- putting META-INF/permissions.xml into deployments doesn't help because PermissionsParseProcessor deployment processor is part of wildfly-security-manager (i.e. not in Core) and it is only activated when security-manager subsystem is present.

So the tests fail because of AccessControlExceptions on the server side.

Any thoughts?

As a workaround we can run the Core testsuite against full WildFly and use either in-deployment permissions.xml or configure permissions in subsystem [3] - but both ways have some disadvantages.
We either have to put "unnecessary" permissions.xml in WFCORE deployments or we have to use too wide minimum-permissions in security-manager subsystem configuration.

[1] https://issues.jboss.org/browse/WFCORE-846
[2] https://issues.jboss.org/browse/JBEAP-526
[3] /subsystem=security-manager/deployment-permissions=default:write-attribute(name=minimum-permissions, value=[{class=java.security.AllPermission}])")

Thanks,

-- Josef Cacek