r searls commented on ARQ-2204:
-------------------------------
Resteasy is not tested regularly with SecurityManager.
Since the new jboss-modules design was implemented Resteasy has been tested by
QA with the security manager once or twice a year. Resteasy versions 3.x and 4.x
have been tested over time. QA runs with JDK-8 as this is the oldest supported
version. I don't know what later versions they test with. I always check against
JDK-8 and JDK-11. In the past QA reported issues that required the addition of
AccessController.doPrivileged() calls in the code and the addition of select
permission classes to some tests. Those types of changes did not work in this
case.
The last successful test run (more or less) was Jul 2018. There were test failures
that were successfully addressed as described above at that time. This issue with
ArquillianServletRunner did not exist until a Dec 2018 test run was made.
wildfly security manager jboss modules permissions setup
--------------------------------------------------------
Key: ARQ-2204
URL: https://issues.jboss.org/browse/ARQ-2204
Project: Arquillian
Issue Type: Bug
Components: core
Affects Versions: 1.4.0.Final
Environment: Fedora 28
Apache Maven 3.3.9
Java version: 11.0.2, vendor: Oracle Corporation
Resteasy: 4.1.0-SNAPSHOT
wfly: wildfly-17.0.0.Beta1-SNAPSHOT
Reporter: r searls
Priority: Major
Attachments: List-10-ProtectionDomains.txt, xFull-stacktrace.txt,
xJira-sm-debug-flag.zip
Arquillian is not registering all the security permissions required to run resteasy tests
on wildfly with the security manager enabled.
There are 24+ Resteasy testsuite tests failing when run with the security manager.
These tests are running in the container (i.e. using the @RunWith(Arquillian.class)
annotation. The @RunAsClient is not being used.)
The exception thrown is,
Caused by: java.lang.ClassNotFoundException: org.glassfish.jersey.client.JerseyClientBuilder from
[Module "javax.ws.rs.api" version 1.0.2.Final from local module loader @4b3ed2f0
(finder: local module finder @4fad9bb2
(roots:
/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules,/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/layers/base,/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/add-ons/spring))]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
    at java.base/java.lang.Class.forName0(Native Method)
    at java.base/java.lang.Class.forName(Class.java:315)
    at javax.ws.rs.api@1.0.2.Final//javax.ws.rs.client.FactoryFinder.newInstance(FactoryFinder.java:119)
    at javax.ws.rs.api@1.0.2.Final//javax.ws.rs.client.FactoryFinder.find(FactoryFinder.java:226)
    at javax.ws.rs.api@1.0.2.Final//javax.ws.rs.client.ClientBuilder.newBuilder(ClientBuilder.java:96)
This is due to a missing ProtectionDomain with ("<all permissions>" "<all actions>") for
/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-4.1.0-SNAPSHOT.jar
When wildfly starts up (with or without the security manager) it registers a
ProtectionDomain with ("<all permissions>" "<all actions>") for each jar in the
wildfly-17.0.0.Beta1-SNAPSHOT/modules/system. These ProtectionDomains are active when the
Resteasy container runs. When Arquillian runs only 10 ProtectionDomains are defined (see
attachment List-10-ProtectionDomains.txt). This appears to be the cause of the problem.
A full stacktrace is provided in the attachments.
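
Added example, not part of the original report and not Arquillian or RESTEasy code: a small Java diagnostic that prints, for each class name given, the code source of its ProtectionDomain and whether that domain implies AllPermission, the property the report says is missing for the resteasy-client jar. The class name `ProtectionDomainReport` and its `describe` helper are hypothetical, and it assumes a JDK where `java.security.AccessController` is available (such as the JDK-8 and JDK-11 mentioned above).

```java
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

// Hypothetical diagnostic class (not from the issue or from any project code).
public class ProtectionDomainReport {

    // Returns "<class> | <code source location> | AllPermission=<true|false>".
    static String describe(final Class<?> type) {
        // Under a security manager, getProtectionDomain() requires
        // RuntimePermission("getProtectionDomain"). doPrivileged stops the
        // permission check at this class's own domain, so only this class
        // (not every caller on the stack) needs that permission.
        ProtectionDomain pd = AccessController.doPrivileged(
                (PrivilegedAction<ProtectionDomain>) type::getProtectionDomain);
        CodeSource cs = pd.getCodeSource();
        // Bootstrap classes have no code source; report that explicitly.
        String location = (cs == null || cs.getLocation() == null)
                ? "<no code source>" : cs.getLocation().toString();
        // True only if the domain (static permissions or policy) grants everything.
        boolean all = pd.implies(new AllPermission());
        return type.getName() + " | " + location + " | AllPermission=" + all;
    }

    public static void main(String[] args) {
        // Class names come from the command line, e.g. the classes named in
        // the stack trace above. Classes are loaded without initialization.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        for (String name : args) {
            try {
                System.out.println(describe(Class.forName(name, false, loader)));
            } catch (ClassNotFoundException e) {
                System.out.println(name + " | not visible from " + loader);
            }
        }
        // With no arguments, report on this class itself.
        if (args.length == 0) {
            System.out.println(describe(ProtectionDomainReport.class));
        }
    }
}
```

Calling `describe()` from an in-container test and from a regular deployment on the same server lets the two sets of domains be compared line by line.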