[wildfly-dev] Permissions in WildFly Core

Wed Aug 26 10:00:16 EDT 2015

Also AFAIR, security manager subsystem implements EE7 security
manager(permissions.xml) support.
and as such doesn't belong to core.

On Wed, Aug 26, 2015 at 3:56 PM, Brian Stansberry <
brian.stansberry at redhat.com> wrote:

> On 8/26/15 8:49 AM, Brian Stansberry wrote:
> > Just some data, as I know distribution size is a significant factor in
> > deciding what goes into WildFly Core:
> >
> > The org.wildfly.extension.security.manager module itself is 45KB
> > unzipped, so not much of a concern.
> >
> > However, it depends on org.jboss.metadata.common, which is 475KB and
> > isn't itself present in WildFly Core.
>
> The requirement for org.jboss.metadata.common looks pretty simple to
> eliminate. It's just using a bit of what looks like easily duplicated
> utility code.
>
> >
> > All its other deps are present in WildFly Core.
> >
> > On 8/26/15 7:38 AM, Josef Cacek wrote:
> >> Hi *,
> >>
> >> Is there a way how to configure Java security permissions in WildFly
> Core?
> >> If not, is there any reason why not to move the
> wildfly-security-manager from WildFly into WildFly Core?
> >>
> >> I'm investigating failing tests in WildFly Core testsuite ([1],[2])
> when security manager is enabled.
> >>
> >> The problem is, security manager is in place and I'm not able to define
> permissions for deployments
> >> - using policy file (configured by java.security.policy system
> property) doesn't work for me;
> >> - putting META-INF/permissions.xml into deployments doesn't help
> because PermissionsParseProcessor deployment processor is part of
> wildfly-security-manager (i.e. not in Core) and it is only activated when
> security-manager subsystem is present.
> >>
> >> So the tests fail because of AccessControlExceptions on the server side.
> >>
> >> Any thoughts?
> >>
> >> As a workaround we can run the Core testsuite against full WildFly and
> use either in-deployment permissions.xml or configure permissions in
> subsystem [3] - but both ways have some disadvantages.
> >> We either have to put "unnecessary" permissions.xml in WFCORE
> deployments or we have to use too wide minimum-permissions in
> security-manager subsystem configuration.
> >>
> >> [1] https://issues.jboss.org/browse/WFCORE-846
> >> [2] https://issues.jboss.org/browse/JBEAP-526
> >> [3]
> /subsystem=security-manager/deployment-permissions=default:write-attribute(name=minimum-permissions,
> value=[{class=java.security.AllPermission}])")
> >>
> >> Thanks,
> >>
> >> -- Josef Cacek
> >> _______________________________________________
> >> wildfly-dev mailing list
> >> wildfly-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >>
> >
> >
>
>
> --
> Brian Stansberry
> Senior Principal Software Engineer
> JBoss by Red Hat
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20150826/43c62cb6/attachment.html 