Ivo Studensky commented on WFCORE-1351:
---------------------------------------
Except for WFNC-23 posted above, it works now. The testcase, however, contains permissions
which are not needed in order to pass successfully on Security Manager. So I've filed
a PR to remove them.
FilePermission for XNIO and Marshalling modules are required for
Remoting to run with security manager
------------------------------------------------------------------------------------------------------
Key: WFCORE-1351
URL: https://issues.jboss.org/browse/WFCORE-1351
Project: WildFly Core
Issue Type: Bug
Components: Remoting, Security
Reporter: Ondrej Kotek
Assignee: Ivo Studensky
Priority: Critical
Fix For: 3.0.0.Beta7
Attachments: 1-no-createEndpoint-permission.stacktrace,
2-no-createXnioWorker-permission.stacktrace,
3-no-addConnectionProvider-permission.stacktrace,
4-no-accessDeclaredMembers-permission.stractrace,
5-no-suppressAccessChecks-permission.stracktrace
# Running _NestedRemoteContextTestCase_ (from WildFly _testsuite/integration/basic_) with
security manager, like
{noformat}
./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager
{noformat}
results in exception:
{noformat}
java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found
{noformat}
To make it work, permissions like the following need to be added to _permissions.xml_ of
_ejb.ear_:
{noformat}
new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
new RemotingPermission("createEndpoint"),
new RuntimePermission("createXnioWorker"),
new RemotingPermission("addConnectionProvider"),
new RuntimePermission("modifyThread"),
new RuntimePermission("accessDeclaredMembers"),
new ReflectPermission("suppressAccessChecks")
{noformat}
which is very confusing.
Why do I need to add seemingly unrelated permissions, like _FilePermission_ for XNIO and
marshalling or _RuntimePermission_ for createXnioWorker? Such behavior should be fixed or
properly documented.