March 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-6192) JAXBUsageTestCase fails with security manager with security manager enabled

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/WFLY-6192?page=com.atlassian.jira.plugin.... ] Ivo Studensky commented on WFLY-6192: ------------------------------------- As JAXB loads a customer classes, it needs the following permissions granted on the deployment (this cannot be running within a privileged block in JAXB): {{new ReflectPermission("suppressAccessChecks")}} {{new RuntimePermission("accessDeclaredMembers")}} > JAXBUsageTestCase fails with security manager with security manager enabled > --------------------------------------------------------------------------- > > Key: WFLY-6192 > URL: https://issues.jboss.org/browse/WFLY-6192 > Project: WildFly > Issue Type: Bug > Components: Test Suite > Reporter: Hynek Švábek > Assignee: Ivo Studensky > > *org.jboss.as.test.integration.jaxb.unit.JAXBUsageTestCase#testJAXBServlet* > {{./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false -Dsecurity.manager -Dts.basic -Dts.noSmoke -Dtest=org.jboss.as.test.integration.jaxb.unit.JAXBUsageTestCase#testJAXBServlet}} > Fails with: > {code} > ERROR [io.undertow.request] (default task-46) UT005023: Exception handling request to /jaxb-webapp//jaxbServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/jaxb-webapp.war/WEB-INF/classes <no signer certificates>)" of "null") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.Thread.getContextClassLoader(Thread.java:500) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:279) > at org.jboss.as.test.integration.jaxb.JAXBUsageServlet.doGet(JAXBUsageServlet.java:50) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180) > at java.security.AccessController.doPrivileged(AccessController.java:650) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > at java.lang.Thread.run(Thread.java:785) > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (WFLY-6349) JMSXGroupId has no effect on JMSProducer

by Harald Wellmann (JIRA)

[ https://issues.jboss.org/browse/WFLY-6349?page=com.atlassian.jira.plugin.... ] Harald Wellmann commented on WFLY-6349: --------------------------------------- Thanks for this example - it turns out we're not quite looking at the same problem. Your example also sets {{JMSXGroupSeq}} in addition to {{JMSXGroupId}}. I didn't set the former, in fact I wasn't aware of it, since it is not mentioned in https://activemq.apache.org/artemis/docs/1.1.0/message-grouping.html, nor in the latest HornetQ manual. In your example, if you replace {code} producer.setProperty("JMSXGroupSeq", i).send(destination, text); {code} by {code} producer.send(destination, text); {code} you will also see the messages being received in random order. (Tried on a local build of 10.1.0-SNAPSHOT.) But if you set the properties on the messages, not on the producer, the sequential order will be restored: {code} String text = "This is message " + (i + 1); TextMessage textMessage = context.createTextMessage(text); textMessage.setStringProperty("JMSXGroupID", "sequential"); textMessage.setStringProperty("foo", "bar"); producer.send(destination, textMessage); // textMessage, not text! {code} So maybe if this behaviour is coincidental, and if the basic rule is that JMSXGroupID should never be used without JMSGroupSeq, then at least the docs should be updated. > JMSXGroupId has no effect on JMSProducer > ---------------------------------------- > > Key: WFLY-6349 > URL: https://issues.jboss.org/browse/WFLY-6349 > Project: WildFly > Issue Type: Bug > Components: JMS > Affects Versions: 10.0.0.Final > Reporter: Harald Wellmann > Assignee: Jeff Mesnil > Fix For: 10.1.0.Final > > > h3. Scenario > I'm setting the {{JMSXGroupID}} on a {{JMSProducer}} to achieve message delivery in the correct order. The consumer is a message-driven bean. > {code} > JMSProducer producer = context.createProducer(); > producer = producer.setProperty("JMSXGroupID", "sequential"); > producer = producer.setProperty("foo", "bar"); > for (int i = 0; i < 50; i++) { > msgNumber++; > String text = "This is message " + msgNumber; > producer.send(queue, text); > } > {code} > h3. Expected Behaviour > The messages are received in the correct order, the properties {{JMSXGroupID}} and {{foo}} are set on the receiver side. > h3. Actual Behaviour > The messages are received in random order. Property {{foo}} is set, but property {{JMSXGroupID}} is null on the receiver side. > h3. Workaround > Create a {{TextMessage}} and set the properties on the message, not on the producer. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (WFLY-6349) JMSXGroupId has no effect on JMSProducer

by Harald Wellmann (JIRA)

[ https://issues.jboss.org/browse/WFLY-6349?page=com.atlassian.jira.plugin.... ] Harald Wellmann reopened WFLY-6349: ----------------------------------- > JMSXGroupId has no effect on JMSProducer > ---------------------------------------- > > Key: WFLY-6349 > URL: https://issues.jboss.org/browse/WFLY-6349 > Project: WildFly > Issue Type: Bug > Components: JMS > Affects Versions: 10.0.0.Final > Reporter: Harald Wellmann > Assignee: Jeff Mesnil > Fix For: 10.1.0.Final > > > h3. Scenario > I'm setting the {{JMSXGroupID}} on a {{JMSProducer}} to achieve message delivery in the correct order. The consumer is a message-driven bean. > {code} > JMSProducer producer = context.createProducer(); > producer = producer.setProperty("JMSXGroupID", "sequential"); > producer = producer.setProperty("foo", "bar"); > for (int i = 0; i < 50; i++) { > msgNumber++; > String text = "This is message " + msgNumber; > producer.send(queue, text); > } > {code} > h3. Expected Behaviour > The messages are received in the correct order, the properties {{JMSXGroupID}} and {{foo}} are set on the receiver side. > h3. Actual Behaviour > The messages are received in random order. Property {{foo}} is set, but property {{JMSXGroupID}} is null on the receiver side. > h3. Workaround > Create a {{TextMessage}} and set the properties on the message, not on the producer. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (JBEE-166) Permission check failures when running with Security Manager enabled

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/JBEE-166?page=com.atlassian.jira.plugin.s... ] Ivo Studensky updated JBEE-166: ------------------------------- Git Pull Request: https://github.com/jboss/jboss-jaxb-api_spec/pull/4 > Permission check failures when running with Security Manager enabled > -------------------------------------------------------------------- > > Key: JBEE-166 > URL: https://issues.jboss.org/browse/JBEE-166 > Project: JBoss JavaEE Spec APIs > Issue Type: Bug > Components: jboss-jaxb-api > Reporter: Ivo Studensky > Assignee: Ivo Studensky > > When running with Security Manager enabled there are two failures due to: > 1. RuntimePermission("getClassLoader"), see the stacktrace: > {noformat} > ERROR [io.undertow.request] (default task-46) UT005023: Exception handling request to /jaxb-webapp//jaxbServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/jaxb-webapp.war/WEB-INF/classes <no signer certificates>)" of "null") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.Thread.getContextClassLoader(Thread.java:500) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:279) > at org.jboss.as.test.integration.jaxb.JAXBUsageServlet.doGet(JAXBUsageServlet.java:50) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180) > at java.security.AccessController.doPrivileged(AccessController.java:650) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) > at java.lang.Thread.run(Thread.java:785) > {noformat} > 2. and FilePermission("modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read"), the stacktrace is as follows: > {noformat} > ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jaxb-webapp//jaxbServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "....../jboss-eap/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")" in code source "(vfs:/content/jaxb-webapp.war/WEB-INF/classes <no signer certificates>)" of "null") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377) > at java.util.zip.ZipFile.<init>(ZipFile.java:210) > at java.util.zip.ZipFile.<init>(ZipFile.java:149) > at java.util.jar.JarFile.<init>(JarFile.java:166) > at java.util.jar.JarFile.<init>(JarFile.java:103) > at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) > at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) > at java.net.URL.openStream(URL.java:1045) > at javax.xml.bind.ContextFinder.find(ContextFinder.java:292) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:279) > at org.jboss.as.test.integration.jaxb.JAXBUsageServlet.doGet(JAXBUsageServlet.java:50) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180) > at java.security.AccessController.doPrivileged(Native Method) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {noformat} > I believe these two places are worth enclosing with a privileged block. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (JBEE-166) Permission check failures when running with Security Manager enabled

by Ivo Studensky (JIRA)

Ivo Studensky created JBEE-166: ---------------------------------- Summary: Permission check failures when running with Security Manager enabled Key: JBEE-166 URL: https://issues.jboss.org/browse/JBEE-166 Project: JBoss JavaEE Spec APIs Issue Type: Bug Components: jboss-jaxb-api Reporter: Ivo Studensky Assignee: Ivo Studensky When running with Security Manager enabled there are two failures due to: 1. RuntimePermission("getClassLoader"), see the stacktrace: {noformat} ERROR [io.undertow.request] (default task-46) UT005023: Exception handling request to /jaxb-webapp//jaxbServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/jaxb-webapp.war/WEB-INF/classes <no signer certificates>)" of "null") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at java.lang.Thread.getContextClassLoader(Thread.java:500) at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:279) at org.jboss.as.test.integration.jaxb.JAXBUsageServlet.doGet(JAXBUsageServlet.java:50) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180) at java.security.AccessController.doPrivileged(AccessController.java:650) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.lang.Thread.run(Thread.java:785) {noformat} 2. and FilePermission("modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read"), the stacktrace is as follows: {noformat} ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jaxb-webapp//jaxbServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "....../jboss-eap/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")" in code source "(vfs:/content/jaxb-webapp.war/WEB-INF/classes <no signer certificates>)" of "null") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377) at java.util.zip.ZipFile.<init>(ZipFile.java:210) at java.util.zip.ZipFile.<init>(ZipFile.java:149) at java.util.jar.JarFile.<init>(JarFile.java:166) at java.util.jar.JarFile.<init>(JarFile.java:103) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) at java.net.URL.openStream(URL.java:1045) at javax.xml.bind.ContextFinder.find(ContextFinder.java:292) at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412) at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375) at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:279) at org.jboss.as.test.integration.jaxb.JAXBUsageServlet.doGet(JAXBUsageServlet.java:50) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180) at java.security.AccessController.doPrivileged(Native Method) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) {noformat} I believe these two places are worth enclosing with a privileged block. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (WFLY-6313) Upgrade Narayana to 5.3.0.Final

by Carsten Lichy-Bittendorf (JIRA)

[ https://issues.jboss.org/browse/WFLY-6313?page=com.atlassian.jira.plugin.... ] Carsten Lichy-Bittendorf commented on WFLY-6313: ------------------------------------------------ [~jason.greene], may I have your attention for these PRs. They are a prereq. to get the enhancement in EAP7 and EAP6 Thanks, Carsten > Upgrade Narayana to 5.3.0.Final > ------------------------------- > > Key: WFLY-6313 > URL: https://issues.jboss.org/browse/WFLY-6313 > Project: WildFly > Issue Type: Component Upgrade > Components: Transactions > Reporter: Tom Jenkinson > Assignee: Tom Jenkinson > Fix For: 11.0.0.Alpha1 > > > https://issues.jboss.org/browse/JBTM/fixforversion/12329807/?selectedTab=... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (WFLY-6434) System property 'org.jboss.as.security.jacc-module' not always used

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-6434?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-6434: ---------------------------------------- Instead of a patch feel free to send in a pull request via GitHub - this way we can easily run our entire testsuite on the changes and after review can merge the changes if we agree they are correct. > System property 'org.jboss.as.security.jacc-module' not always used > ------------------------------------------------------------------- > > Key: WFLY-6434 > URL: https://issues.jboss.org/browse/WFLY-6434 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 10.0.0.Final > Reporter: Winfried Wasser > Assignee: Darran Lofthouse > Attachments: security.patch > > > JaccService of security subsystem does not use the system property 'org.jboss.as.security.jacc-module' for class loader. > Due to this "not using", the custom JACC module is not used. > This property was introduced by WFLY-5340 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (WFLY-6434) System property 'org.jboss.as.security.jacc-module' not always used

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-6434?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-6434: ----------------------------------- Priority: Major (was: Blocker) > System property 'org.jboss.as.security.jacc-module' not always used > ------------------------------------------------------------------- > > Key: WFLY-6434 > URL: https://issues.jboss.org/browse/WFLY-6434 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 10.0.0.Final > Reporter: Winfried Wasser > Assignee: Darran Lofthouse > Attachments: security.patch > > > JaccService of security subsystem does not use the system property 'org.jboss.as.security.jacc-module' for class loader. > Due to this "not using", the custom JACC module is not used. > This property was introduced by WFLY-5340 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (ELY-466) Add a GSSCredential CredentialStore

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-466?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse resolved ELY-466. ---------------------------------- Resolution: Duplicate Issue > Add a GSSCredential CredentialStore > ----------------------------------- > > Key: ELY-466 > URL: https://issues.jboss.org/browse/ELY-466 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Credential Store > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta5 > > > This will be used to provide GSSCredential instances for use by authentication mechanisms. > Ideally a single store can support multiple credentials, the alias paramater may be a good way to map from the host name of the request to the ticket to use. > Need to think how much this makes sense to load using the Provider as it could potentially have quite a verbose configuration. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

[JBoss JIRA] (ELY-454) Kerberos (GSS) Credential Store

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-454?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-454: ------------------------------------ Assignee: Darran Lofthouse > Kerberos (GSS) Credential Store > ------------------------------- > > Key: ELY-454 > URL: https://issues.jboss.org/browse/ELY-454 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Credential Store > Reporter: David Lloyd > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta5 > > > We need a credential store for holding Kerberos GSS tokens. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2016