6:43 a.m.
[
https://issues.jboss.org/browse/ELY-1873?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse updated ELY-1873:
----------------------------------
Description:
Errors such as the following can be seen within the application server: -
{noformat}
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only
permission collection
at
org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127)
[wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005)
[rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637)
[rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189)
[rt.jar:1.8.0_222]
at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605)
[rt.jar:1.8.0_222]
at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
at
com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64)
[rt.jar:1.8.0_222]
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
... 11 more
{noformat}
In this scenario the permission was
RuntimePermission("java.lang.RuntimePermission" "createClassLoader")
so should be related to the ProtectionDomain of the class loader and not the JACC
permission collection.
JaccDelegatingPolicy should allow non JACC modifications to pass
through.
-------------------------------------------------------------------------
Key: ELY-1873
URL: https://issues.jboss.org/browse/ELY-1873
Project: WildFly Elytron
Issue Type: Bug
Components: EE
Affects Versions: 1.10.0.Final
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Blocker
Fix For: 1.10.1.CR1
Errors such as the following can be seen within the application server: -
{noformat}
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only
permission collection
at
org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127)
[wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005)
[rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637)
[rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189)
[rt.jar:1.8.0_222]
at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605)
[rt.jar:1.8.0_222]
at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
at
com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64)
[rt.jar:1.8.0_222]
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
at
org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
... 11 more
{noformat}
In this scenario the permission was
RuntimePermission("java.lang.RuntimePermission" "createClassLoader")
so should be related to the ProtectionDomain of the class loader and not the JACC
permission collection.
--
This message was sent by Atlassian Jira
(v7.13.5#713005)