[
https://issues.jboss.org/browse/WFLY-5875?page=com.atlassian.jira.plugin....
]
Hynek Švábek reassigned WFLY-5875:
----------------------------------
Assignee: Hynek Švábek (was: Ondrej Kotek)
Some domain tests fail with security manager
--------------------------------------------
Key: WFLY-5875
URL:
https://issues.jboss.org/browse/WFLY-5875
Project: WildFly
Issue Type: Bug
Components: Domain Management, Test Suite
Reporter: Ondrej Kotek
Assignee: Hynek Švábek
*org.jboss.as.test.integration.domain.mixed.eap640.MixedDomainDeployment640TestCase#testJsfWorks*
{{./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false
-Dts.noSmoke -Dtest=MixedDomainDeployment640TestCase#testJsfWorks
-Djboss.test.mixed.domain.dir=/home/okotek/test/ -Dsecurity.manager}}
fails with:
{noformat}
SEVERE [javax.enterprise.resource.webcontainer.jsf.application]
(http-/10.16.95.147:8080-1) Error Rendering View[/home.xhtml]: javax.el.ELException:
/home.xhtml: java.lang.RuntimeException: java.security.AccessControlException: access
denied ("java.lang.reflect.ReflectPermission"
"suppressAccessChecks")[0m
[Server:server-one] [31m at
com.sun.faces.facelets.compiler.TextInstruction.write(TextInstruction.java:88)[0m
[Server:server-one] [31m at
com.sun.faces.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:82)[0m
[Server:server-one] [31m at
com.sun.faces.facelets.compiler.UILeaf.encodeAll(UILeaf.java:207)[0m
[Server:server-one] [31m at
javax.faces.component.UIComponent.encodeAll(UIComponent.java:1822)[0m
[Server:server-one] [31m at
com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:447)[0m
[Server:server-one] [31m at
com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:125)[0m
[Server:server-one] [31m at
javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:286)[0m
[Server:server-one] [31m at
com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120)[0m
[Server:server-one] [31m at
com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)[0m
[Server:server-one] [31m at
com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)[0m
[Server:server-one] [31m at
javax.faces.webapp.FacesServlet.service(FacesServlet.java:594)[0m
[Server:server-one] [31m at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[0m
[Server:server-one] [31m at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[0m
[Server:server-one] [31m at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[0m
[Server:server-one] [31m at
java.lang.reflect.Method.invoke(Method.java:497)[0m
[Server:server-one] [31m at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:264)[0m
[Server:server-one] [31m at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)[0m
[Server:server-one] [31m at
java.security.AccessController.doPrivileged(Native Method)[0m
[Server:server-one] [31m at
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)[0m
[Server:server-one] [31m at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:296)[0m
[Server:server-one] [31m at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:156)[0m
[Server:server-one] [31m at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:288)[0m
[Server:server-one] [31m at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:59)[0m
[Server:server-one] [31m at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:197)[0m
[Server:server-one] [31m at
java.security.AccessController.doPrivileged(Native Method)[0m
[Server:server-one] [31m at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)[0m
[Server:server-one] [31m at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)[0m
[Server:server-one] [31m at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)[0m
[Server:server-one] [31m at
org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.event(JBossWebContext.java:91)[0m
[Server:server-one] [31m at
org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.invoke(JBossWebContext.java:72)[0m
[Server:server-one] [31m at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)[0m
[Server:server-one] [31m at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)[0m
[Server:server-one] [31m at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)[0m
[Server:server-one] [31m at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)[0m
[Server:server-one] [31m at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)[0m
[Server:server-one] [31m at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)[0m
[Server:server-one] [31m at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)[0m
[Server:server-one] [31m at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)[0m
[Server:server-one] [31m at
java.lang.Thread.run(Thread.java:745)[0m
[Server:server-one] [31mCaused by: java.lang.RuntimeException:
java.security.AccessControlException: access denied
("java.lang.reflect.ReflectPermission"
"suppressAccessChecks")[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65)[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:283)[0m
[Server:server-one] [31m at
org.jboss.weld.introspector.jlr.WeldConstructorImpl.newInstance(WeldConstructorImpl.java:206)[0m
[Server:server-one] [31m at
org.jboss.weld.injection.ConstructorInjectionPoint.newInstance(ConstructorInjectionPoint.java:117)[0m
[Server:server-one] [31m at
org.jboss.weld.bean.ManagedBean.createInstance(ManagedBean.java:340)[0m
[Server:server-one] [31m at
org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget.produce(ManagedBean.java:204)[0m
[Server:server-one] [31m at
org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:296)[0m
[Server:server-one] [31m at
org.jboss.weld.context.AbstractContext.get(AbstractContext.java:103)[0m
[Server:server-one] [31m at
org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:90)[0m
[Server:server-one] [31m at
org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:79)[0m
[Server:server-one] [31m at
org.jboss.as.test.integration.domain.mixed.jsf.Bean$Proxy$_$$_WeldClientProxy.getMessage(Bean$Proxy$_$$_WeldClientProxy.java)[0m
[Server:server-one] [31m at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[0m
[Server:server-one] [31m at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[0m
[Server:server-one] [31m at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[0m
[Server:server-one] [31m at
java.lang.reflect.Method.invoke(Method.java:497)[0m
[Server:server-one] [31m at
javax.el.BeanELResolver.getValue(BeanELResolver.java:304)[0m
[Server:server-one] [31m at
com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176)[0m
[Server:server-one] [31m at
com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203)[0m
[Server:server-one] [31m at
org.apache.el.parser.AstValue.getValue(AstValue.java:166)[0m
[Server:server-one] [31m at
org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189)[0m
[Server:server-one] [31m at
org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50)[0m
[Server:server-one] [31m at
com.sun.faces.facelets.el.ELText$ELTextVariable.writeText(ELText.java:227)[0m
[Server:server-one] [31m at
com.sun.faces.facelets.el.ELText$ELTextComposite.writeText(ELText.java:150)[0m
[Server:server-one] [31m at
com.sun.faces.facelets.compiler.TextInstruction.write(TextInstruction.java:85)[0m
[Server:server-one] [31m ... 38 more[0m
[Server:server-one] [31mCaused by: java.security.AccessControlException:
access denied ("java.lang.reflect.ReflectPermission"
"suppressAccessChecks")[0m
[Server:server-one] [31m at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)[0m
[Server:server-one] [31m at
java.security.AccessController.checkPermission(AccessController.java:884)[0m
[Server:server-one] [31m at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)[0m
[Server:server-one] [31m at
java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:128)[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:288)[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:283)[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52)[0m
[Server:server-one] [31m at
org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:63)[0m
{noformat}
*org.jboss.as.test.integration.domain.suites.ReadEnvironmentVariablesTestCase#testReadEnvironmentVariablesForServers*
{{./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false
-Dsecurity.manager -Dts.domain -Dts.noSmoke
-Dtest=org.jboss.as.test.integration.domain.suites.ReadEnvironmentVariablesTestCase#testReadEnvironmentVariablesForServers}}
fails with:
{noformat}
ERROR [io.undertow.request] (default task-43) UT005023: Exception handling request to
/env-test/env: java.security.Access
ControlException: WFSM000001: Permission check failed (permission
"("java.lang.RuntimePermission" "getenv.*")" in code source
"(vfs:/content/env-test.war/WEB-INF/classes <no signer certificates>)" of
"null")
[Server:main-one] at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
[Server:main-one] at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
[Server:main-one] at java.lang.System.getenv(System.java:944) [rt.jar:1.8.0_60]
[Server:main-one] at
org.jboss.as.test.integration.domain.suites.EnvironmentTestServlet.doGet(EnvironmentTestServlet.java:44)
[classes:]
[Server:main-one] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
[jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
[Server:main-one] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
[jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
[Server:main-one] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
[Server:main-one] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:180)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at java.security.AccessController.doPrivileged(Native Method)
[rt.jar:1.8.0_60]
[Server:main-one] at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:177)
[undertow-servlet-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
[undertow-core-1.3.7.Final-redhat-1.jar:1.3.7.Final-redhat-1]
[Server:main-one] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_60]
[Server:main-one] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_60]
[Server:main-one] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)