Cheng Fang commented on WFLY-11630:
-----------------------------------
[~istudens] any updates? We are still seeing WildFly CI failures caused by this issue as
reported in WFLY-12465.
JDBC datasource should be granted the connect SocketPermission
--------------------------------------------------------------
Key: WFLY-11630
URL: https://issues.redhat.com/browse/WFLY-11630
Project: WildFly
Issue Type: Bug
Components: JCA, Security
Affects Versions: 16.0.0.Beta1
Reporter: Ondrej Kotek
Assignee: Ivo Studensky
Priority: Major
Labels: security-manager
Attachments: DataSourceDefinitionJPATestCase-output-missing_SocketPermission_Connect.txt
When a deployment uses a connection on a JDBC datasource, the deployment needs the
{{connect}} {{SocketPermission}} granted.
For example:
{noformat}
...
DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
Connection conn = ds.getConnection();
...
{noformat}
may require {{permissions.xml}} like
{noformat}
<permissions version="7">
    <!-- Connections to databases -->
    <permission>
        <class-name>java.net.SocketPermission</class-name>
        <name>*</name> <!-- This can be hardened by using specific URLs/IPs -->
        <actions>resolve,connect</actions>
    </permission>
</permissions>
{noformat}
However, {{resolve}} {{SocketPermission}} should be enough. The JCA spec states, in
section 21.2 (SecurityPermissions), that the rar should always be granted the {{connect}}
{{SocketPermission}}. JDBC extends the JCA spec.
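
The comment in the {{permissions.xml}} above notes that the wildcard grant can be hardened. As an added example (not part of the issue or of WildFly's code), the following uses the JDK's {{SocketPermission.implies}} to compare what the wildcard grant, a resolve-only grant and a grant pinned to one host and port each cover. The class name, the helper {{covers}} and the addresses are assumptions: the addresses are constructed documentation-range IP literals, chosen so that no DNS lookup is needed.

```java
import java.net.SocketPermission;
import java.util.LinkedHashMap;
import java.util.Map;

public class SocketGrantCheck {
    // Constructed sample targets (192.0.2.0/24 is a documentation range); not from the issue.
    static final String DB = "192.0.2.10:5432";         // the database the datasource uses
    static final String OTHER_HOST = "192.0.2.99:5432"; // a different host, same port
    static final String OTHER_PORT = "192.0.2.10:22";   // same host, a different port

    // True if the granted permission covers a request for `actions` on `target`.
    static boolean covers(SocketPermission grant, String target, String actions) {
        return grant.implies(new SocketPermission(target, actions));
    }

    public static void main(String[] args) {
        Map<String, SocketPermission> grants = new LinkedHashMap<>();
        // The grant from the permissions.xml in the issue: any host, any port.
        grants.put("* resolve,connect (as in the issue)",
                new SocketPermission("*", "resolve,connect"));
        // What the reporter argues the deployment itself should need.
        grants.put("* resolve", new SocketPermission("*", "resolve"));
        // Hardened variant: connect only to the database host and port.
        grants.put(DB + " resolve,connect",
                new SocketPermission(DB, "resolve,connect"));

        String[][] requests = {
            {DB, "connect"}, {OTHER_HOST, "connect"},
            {OTHER_PORT, "connect"}, {DB, "resolve"}
        };

        for (Map.Entry<String, SocketPermission> e : grants.entrySet()) {
            System.out.println("grant: " + e.getKey());
            for (String[] r : requests) {
                boolean ok = covers(e.getValue(), r[0], r[1]);
                System.out.printf("  %-16s %-8s -> %s%n",
                        r[0], r[1], ok ? "granted" : "denied");
            }
        }
    }
}
```

The wildcard grant covers a {{connect}} to every target in the list, the resolve-only grant covers none of the {{connect}} requests, and the pinned grant covers only the database host and port.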