[ https://issues.jboss.org/browse/JBMESSAGING-1930?page=com.atlassian.jira.... ]
Derek Horton commented on JBMESSAGING-1930:
-------------------------------------------
Howard,
I have attached a patch that appears to resolve this issue. The patch was built against
https://svn.jboss.org/repos/messaging/branches/Branch_1_4 and tested on EAP 5.1.2.
Can you review this and apply it upstream so that it is included in EAP 5.1.3?
Thanks,
Derek
org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks
--------------------------------------------------------------------------------
Key: JBMESSAGING-1930
URL: https://issues.jboss.org/browse/JBMESSAGING-1930
Project: JBoss Messaging
Issue Type: Bug
Components: JMS Security
Affects Versions: 1.4.8.SP5
Reporter: Derek Horton
Assignee: Yong Hao Gao
Fix For: 1.4.8.SP8
Attachments: JBPAPP-7335.patch
A customer is trying to use the Java security manager on EAP 5.0.1. When the security
manager is enabled, JBoss is throwing the following exception when they deploy their
application that uses JMS:
Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore#getSecurityMetadata[jboss.messaging:service=SecurityStore] invoke)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at org.jboss.system.security.DebuggingJavaSecurityManager.checkPermission(DebuggingJavaSecurityManager.java:95)
    at org.jboss.mx.server.MBeanServerImpl.checkMBeanPermission(MBeanServerImpl.java:1735)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:663)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy85.getSecurityMetadata(Unknown Source)
    at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:285)
    at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:113)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java)
    at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:100)
    at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:157)
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:930)
    at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
    at org.jboss.remoting.Client.invoke(Client.java:2034)
    at org.jboss.remoting.Client.invoke(Client.java:877)
    at org.jboss.remoting.Client.invoke(Client.java:865)
    at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189)
I found a JIRA [1] that appears to resolve the issue in messaging versions
1.4.0.SP3.CP05, 1.4.1.GA, 1.4.2.GA. I tried adding the following grant statement to the
java security policy file, hoping that would resolve the issue.
grant codeBase "file:${jboss.home.dir}/common/lib/jboss-messaging-int.jar" {
    permission java.security.AllPermission;
};
Unfortunately, it does not resolve the issue.
I am also able to recreate the issue on EAP 5.1.0.
[1] https://issues.jboss.org/browse/JBMESSAGING-1448
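Why the AllPermission grant in the report does not help on its own, as an added example (not code from the issue or the attached patch): a permission check must be implied by every protection domain on the call stack, and a privileged block in the granted code is what stops the walk at that code. The example models the two stacks with hand-built AccessControlContext objects; the class name and the unprivileged `deployedApp` domain are assumptions, and it needs a JDK older than 24, where the Security Manager API still functions.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import javax.management.MBeanPermission;

public class StackIntersectionDemo {
    // Builds a ProtectionDomain with fixed (static) permissions; the installed Policy is not consulted.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms);
    }

    // True only if every domain in the modelled stack implies the permission.
    static boolean allowed(Permission perm, ProtectionDomain... stack) {
        try {
            new AccessControlContext(stack).checkPermission(perm);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // The permission named in the AccessControlException from the report.
        Permission needed = new MBeanPermission(
            "org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore"
                + "#getSecurityMetadata[jboss.messaging:service=SecurityStore]",
            "invoke");

        // Stands for jboss-messaging-int.jar after the grant shown in the report.
        ProtectionDomain messagingJar = domain(new AllPermission());
        // Assumption: the deployed application that calls JMS holds no MBeanPermission.
        ProtectionDomain deployedApp = domain();

        // No privileged block: the caller's domain is still on the stack and is intersected.
        System.out.println("without doPrivileged: "
            + allowed(needed, deployedApp, messagingJar));
        // Privileged block inside the messaging jar: only that jar's domain is checked.
        System.out.println("with doPrivileged:    "
            + allowed(needed, messagingJar));
    }
}
```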