Ricardo Martin Camarero created WFCORE-5243:
-----------------------------------------------
Summary: NullPointerException when invalid <permission> classes
specified
Key: WFCORE-5243
URL:
https://issues.redhat.com/browse/WFCORE-5243
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 14.0.0.Final
Reporter: Ricardo Martin Camarero
Assignee: Ricardo Martin Camarero
If the security manager contains an invalid class or other data in the minimum-set it
throws a NullPointerException instead of a useful error message.
{noformat}
ERROR [management-operation] WFLYCTL0013 : Operation ("add") failed - address
([("subsystem" => "security-manager")]):
java.lang.NullPointerException
at java.security.Permissions.getPermissionCollection(Permissions.java:240)
at java.security.Permissions.implies(Permissions.java:179) at
org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75)
at
org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
...{noformat}
The same thing happens with other missing data.
* Works:
{noformat}
<permission class="java.io.FilePermission" name="/foo"
actions="read"/>{noformat}
* Fail with NullPointerException:
{noformat}
<permission class="invalid.class.name" name="/foo"
actions="read"/>{noformat}
{noformat}
<permission class="java.io.FilePermission"
name="/foo"/>{noformat}
{noformat}
<permission class="java.io.FilePermission"
actions="read"/>{noformat}
The NullPointerException does not occur if maximum-set is absent, or contains
*java.security.AllPermission*
--
This message was sent by Atlassian Jira
(v8.13.1#813001)