June 2018 - cdi-dev - Jboss List Archives

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Antoine Sabot-Durand (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Antoine Sabot-Durand closed CDI-731. ------------------------------------ Resolution: Explained > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-727) CDI.current() should use privileged block

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/CDI-727?page=com.atlassian.jira.plugin.sy... ] Martin Kouba commented on CDI-727: ---------------------------------- [~honza889] Ok, thanks. I suppose the problematic method is {{java.util.ServiceLoader.parse(Class<?>, URL)}} where {{java.net.URL.openStream()}} is used. > CDI.current() should use privileged block > ----------------------------------------- > > Key: CDI-727 > URL: https://issues.jboss.org/browse/CDI-727 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Jan Kalina > Assignee: Antoine Sabot-Durand > Labels: security-manager > Fix For: 2.0.SP1 > > > When deployment in container with security manager enabled try to use {{CDI.current()}} call, {{CDI}} class directly access JAR of CDI provider, because of which security manager requires from the deployment to have permission to read the JAR. > *{{CDI.findAllProviders}} method should read the JAR in privileged block.* > (as discussed in WFLY-10125) > {code} > java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-integ-rhel-secman/1cfa62fc/jboss-eap-7.2/modules/system/layers/base/org/jboss/as/weld/main/wildfly-weld-7.2.0.CD12-redhat-2.jar" "read")" in code source "(vfs:/content/test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360) > at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152) > at java.net.URL.openStream(URL.java:1045) > at javax.enterprise.inject.spi.CDI.findAllProviders(CDI.java:109) > at javax.enterprise.inject.spi.CDI.current(CDI.java:53) > at org.jboss.as.test.integration.ee.injection.support.jpa.beanManager.TestEntityListener.obtainFooViaCdiCurrent(TestEntityListener.java:97) > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Antoine Sabot-Durand (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Antoine Sabot-Durand commented on CDI-731: ------------------------------------------ Ok. got it. I close the ticket > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-727) CDI.current() should use privileged block

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/CDI-727?page=com.atlassian.jira.plugin.sy... ] Jan Kalina commented on CDI-727: -------------------------------- [~mkouba] Confirmed: problem affects latest master of CDI (9f5eaa/2.1-SNAPSHOT) and patch in https://github.com/cdi-spec/cdi/pull/391 (508a47) resolves it successfully. For testing it is need to revert WFLY-10125 workaround, to enable given CDI and to run {{EntityListenerBeanManagerInjectionTestCase}} with {{-Dsecurity.manager}}. > CDI.current() should use privileged block > ----------------------------------------- > > Key: CDI-727 > URL: https://issues.jboss.org/browse/CDI-727 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Jan Kalina > Assignee: Antoine Sabot-Durand > Labels: security-manager > Fix For: 2.0.SP1 > > > When deployment in container with security manager enabled try to use {{CDI.current()}} call, {{CDI}} class directly access JAR of CDI provider, because of which security manager requires from the deployment to have permission to read the JAR. > *{{CDI.findAllProviders}} method should read the JAR in privileged block.* > (as discussed in WFLY-10125) > {code} > java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-integ-rhel-secman/1cfa62fc/jboss-eap-7.2/modules/system/layers/base/org/jboss/as/weld/main/wildfly-weld-7.2.0.CD12-redhat-2.jar" "read")" in code source "(vfs:/content/test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360) > at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152) > at java.net.URL.openStream(URL.java:1045) > at javax.enterprise.inject.spi.CDI.findAllProviders(CDI.java:109) > at javax.enterprise.inject.spi.CDI.current(CDI.java:53) > at org.jboss.as.test.integration.ee.injection.support.jpa.beanManager.TestEntityListener.obtainFooViaCdiCurrent(TestEntityListener.java:97) > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Martin Kouba commented on CDI-731: ---------------------------------- The problem is that our tests use mock implementations of these interfaces. So for example to test the {{AnnotatedMethod}} default method we do call {{java.lang.Class.getMethod()}} which is a subject to access control: https://github.com/antoinesd/cdi-spec/blob/master/api/src/test/java/org/j... That's why we see "access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")" in the stack. > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

CDI 2.1

by arjan tijms

Hi there, Just wondering, is there any time planned for when to officially start the CDI 2.1 effort? Kind regards, Arjan

6 years, 1 month

3
3
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Antoine Sabot-Durand (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Antoine Sabot-Durand edited comment on CDI-731 at 6/27/18 8:55 AM: ------------------------------------------------------------------- When I launch tests in https://github.com/antoinesd/cdi-spec/tree/master/api/src/test/java/org/j... with security manager I have ACE stack traces on the tests related to the interfaces above. They look like: {code:console} java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at javax.enterprise.inject.spi.AnnotatedMethod.getAnnotations(AnnotatedMethod.java:49) at org.jboss.cdi.api.test.annotated.AbstractAnnotatedTest.shouldFindAnnotationsOnAnnotated(AbstractAnnotatedTest.java:36) ... Removed 34 stack frames {code} was (Author: antoinesabot-durand): When I launch test in https://github.com/antoinesd/cdi-spec/tree/master/api/src/test/java/org/j... with security manager I have ACE stack traces on the tests related to the interface above. They're like: {code:console} java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at javax.enterprise.inject.spi.AnnotatedMethod.getAnnotations(AnnotatedMethod.java:49) at org.jboss.cdi.api.test.annotated.AbstractAnnotatedTest.shouldFindAnnotationsOnAnnotated(AbstractAnnotatedTest.java:36) ... Removed 34 stack frames {code} > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Antoine Sabot-Durand (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Antoine Sabot-Durand commented on CDI-731: ------------------------------------------ When I launch test in https://github.com/antoinesd/cdi-spec/tree/master/api/src/test/java/org/j... with security manager I have ACE stack traces on the tests related to the interface above. They're like: {code:console} java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at javax.enterprise.inject.spi.AnnotatedMethod.getAnnotations(AnnotatedMethod.java:49) at org.jboss.cdi.api.test.annotated.AbstractAnnotatedTest.shouldFindAnnotationsOnAnnotated(AbstractAnnotatedTest.java:36) ... Removed 34 stack frames {code} > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Martin Kouba commented on CDI-731: ---------------------------------- I don't think {{java.lang.reflect.AnnotatedElement.getAnnotationsByType()}} throws {{SecurityException}}. > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

[JBoss JIRA] (CDI-731) Default methods in Annotated hierarchy should use privileged blocs

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/CDI-731?page=com.atlassian.jira.plugin.sy... ] Martin Kouba edited comment on CDI-731 at 6/27/18 7:08 AM: ----------------------------------------------------------- I don't think that {{java.lang.reflect.AnnotatedElement.getAnnotationsByType()}} (used in those default methods) throws {{SecurityException}}. was (Author: mkouba): I don't think {{java.lang.reflect.AnnotatedElement.getAnnotationsByType()}} throws {{SecurityException}}. > Default methods in Annotated hierarchy should use privileged blocs > ------------------------------------------------------------------ > > Key: CDI-731 > URL: https://issues.jboss.org/browse/CDI-731 > Project: CDI Specification Issues > Issue Type: Bug > Components: Javadoc and API > Affects Versions: 2.0 .Final > Reporter: Antoine Sabot-Durand > Assignee: Antoine Sabot-Durand > Fix For: 2.0.SP1 > > > To deal with repearting annotatiosn (see CDI-471), CDI 2.0 introduced default method {{getAnnotations}}, in the following interfaces: > * {{AnnotatedConstructor}} > * {{AnnotatedField}} > * {{AnnotatedMethod}} > * {{AnnotatedParameter}} > * {{AnnotatedType}} > These methods make use of reflection and thus should use privileged blocs when used with a security manager -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

cdi-dev June 2018