[
https://issues.jboss.org/browse/WFCORE-3796?page=com.atlassian.jira.plugi...
]
Ilia Vassilev commented on WFCORE-3796:
---------------------------------------
Requirement [1] was introduced with https://issues.jboss.org/browse/WFWIP-9, which has been implemented in https://issues.jboss.org/browse/WFCORE-3596 (commit [2]). As a result of that change, when a non-existent class-name is added, an exception will be thrown at runtime.
I've verified that when the following is added to the Elytron configuration, exception [3] occurs.
{code}
<constant-permission-mapper name="cpm">
    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
    <permission class-name="WrongName"/>
</constant-permission-mapper>
{code}
The same exception occurs for permission-sets:
{code}
<permission-sets>
    <permission-set name="login-permission">
        <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
    </permission-set>
    <permission-set name="default-permissions">
        <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
                    module="org.wildfly.extension.batch.jberet" target-name="*"/>
        <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
                    module="org.wildfly.transaction.client"/>
        <permission class-name="org.jboss.ejb.client.RemoteEJBPermission"
                    module="org.jboss.ejb-client"/>
        <permission class-name="WrongName"/>
    </permission-set>
</permission-sets>
{code}
[1]
"When a non-existent class-name or module (e.g. when there is a typo) is added to any Elytron permission mapper (constant-permission-mapper or simple-permission-mapper) then an exception should be thrown. Otherwise it can result in a situation where, due to a typo, some permission is granted to any identity instead of denying it - when the permission is used on the 'deny' side."
[2]
https://github.com/wildfly/wildfly-core/commit/1266d9aec57abb409a7c5dce3f...
[3]
{code}
17:19:39,939 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.security.permission-set.default-permissions: org.jboss.msc.service.StartException in service org.wildfly.security.permission-set.default-permissions: WFLYELY00038: Could not load permission class 'WrongName'
    at org.wildfly.extension.elytron.PermissionMapperDefinitions.createPermission(PermissionMapperDefinitions.java:432)
    at org.wildfly.extension.elytron.PermissionMapperDefinitions.createPermissions(PermissionMapperDefinitions.java:410)
    at org.wildfly.extension.elytron.PermissionSetDefinition$1.lambda$getValueSupplier$0(PermissionSetDefinition.java:75)
    at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)
    at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364)
    at java.lang.Thread.run(Thread.java:748)
17:19:39,975 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("permission-set" => "default-permissions")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-set.default-permissions" => "WFLYELY00038: Could not load permission class 'WrongName'"}}
{code}
Incorrect Elytron permission class-name or module should throw exception
------------------------------------------------------------------------
Key: WFCORE-3796
URL: https://issues.jboss.org/browse/WFCORE-3796
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 5.0.0.Alpha4
Reporter: Ondrej Lukas
Assignee: Ilia Vassilev
Priority: Major
When a non-existent class-name or module (e.g. when there is a typo) is added to any Elytron permission mapper (constant-permission-mapper or simple-permission-mapper) then an exception should be thrown. Otherwise it can result in a situation where, due to a typo, some permission is granted to any identity instead of denying it - when the permission is used on the 'deny' side.
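
Why the requirement matters on the 'deny' side, shown as an added example that is not WildFly or Elytron code: a hypothetical lenient loader that drops an unresolvable class name leaves the deny set empty, so the request is granted, while a strict loader aborts configuration. The class DenySideTypoDemo, its methods and the misspelled name java.lang.RuntimePermision are constructed for illustration, and the lenient behaviour is an assumption, not a description of any WildFly release.

```java
import java.security.Permission;
import java.security.Permissions;

public class DenySideTypoDemo {

    /** Strict loader: an unresolvable or non-Permission class name is a hard error. */
    static Permission loadStrict(String className, String target) {
        try {
            Class<? extends Permission> c =
                    Class.forName(className).asSubclass(Permission.class);
            return c.getConstructor(String.class).newInstance(target);
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException(
                    "Could not load permission class '" + className + "'", e);
        }
    }

    /** Builds the deny set; with strict == false, entries that fail to load are
     *  silently dropped (hypothetical lenient behaviour, assumed for contrast). */
    static Permissions buildDenySet(String[][] entries, boolean strict) {
        Permissions denied = new Permissions();
        for (String[] e : entries) {
            try {
                denied.add(loadStrict(e[0], e[1]));
            } catch (IllegalStateException ex) {
                if (strict) throw ex;   // fail closed: configuration is rejected
            }
        }
        return denied;
    }

    /** A request is granted unless the deny set implies it. */
    static boolean isGranted(Permissions denied, Permission requested) {
        return !denied.implies(requested);
    }

    public static void main(String[] args) {
        Permission requested = new RuntimePermission("shutdownHooks");
        // Constructed sample entries: {class-name, target-name}
        String[][] ok   = {{"java.lang.RuntimePermission", "shutdownHooks"}};
        String[][] typo = {{"java.lang.RuntimePermision",  "shutdownHooks"}};

        System.out.println("correct name, granted: " + isGranted(buildDenySet(ok, false), requested));
        System.out.println("typo, lenient, granted: " + isGranted(buildDenySet(typo, false), requested));
        try {
            buildDenySet(typo, true);
        } catch (IllegalStateException ex) {
            System.out.println("typo, strict: " + ex.getMessage());
        }
    }
}
```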