[ https://issues.jboss.org/browse/ELY-1553?page=com.atlassian.jira.plugin.s... ] Ondrej Lukas updated ELY-1553: ------------------------------ Description: There is a difference between required Permission for {{ElytronXmlParser.parseAuthenticationClientConfiguration()}} method in version 1.1.7.Final (JBoss EAP 7.1.0.GA) and 1.2.4.Final (JBoss EAP 7.2.0.CD12.CR1) when runs with Security Manager. Version 1.2.4.Final newly requires Permission {{java.security.SecurityPermission putProviderProperty.WildFlyElytron}}. It fails with following Exception: {code} java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "putProviderProperty.WildFlyElytron")" in code source "(vfs:/content/WildflyConfigXmlReproducerServlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.WildflyConfigXmlReproducerServlet.war" from Service Module Loader") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1759) at org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:581) at java.security.Provider.check(Provider.java:658) at java.security.Provider.putService(Provider.java:1120) at org.wildfly.security.WildFlyElytronProvider.putHttpAuthenticationMechanismImplementations(WildFlyElytronProvider.java:232) at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:142) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$static$0(ElytronXmlParser.java:131) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:159) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:147) at org.wildfly.security.auth.client.ElytronXmlParser$DeferredSupplier.get(ElytronXmlParser.java:2826) at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:116) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseClearPassword$49(ElytronXmlParser.java:2252) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$31(ElytronXmlParser.java:1065) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$38(ElytronXmlParser.java:1108) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$22(ElytronXmlParser.java:836) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$26(ElytronXmlParser.java:884) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$11(ElytronXmlParser.java:716) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$12(ElytronXmlParser.java:742) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:351) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:227) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:188) at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlReproducerServlet.java:51) at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.doGet(WildflyConfigXmlReproducerServlet.java:44) ... {code} In case this change is expected then Release Notes Jira should be created. The same Permission is needed when authentication context is obtained from server configuration (through default-authentication-context in elytron subsystem): {code} java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "putProviderProperty.WildFlyElytron")" in code source "(vfs:/content/direct-call-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.direct-call-dep.war" from Service Module Loader") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1759) at org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:581) at java.security.Provider.check(Provider.java:658) at java.security.Provider.putService(Provider.java:1120) at org.wildfly.security.WildFlyElytronProvider.putHttpAuthenticationMechanismImplementations(WildFlyElytronProvider.java:232) at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:142) at org.wildfly.security.auth.client.AuthenticationConfiguration.lambda$static$0(AuthenticationConfiguration.java:169) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:159) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:147) at org.wildfly.security.sasl.util.SecurityProviderSaslClientFactory.createSaslClient(SecurityProviderSaslClientFactory.java:85) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ProtocolSaslClientFactory.createSaslClient(ProtocolSaslClientFactory.java:50) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50) at org.wildfly.security.sasl.util.FilterMechanismSaslClientFactory.createSaslClient(FilterMechanismSaslClientFactory.java:102) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory.createSaslClient(LocalPrincipalSaslClientFactory.java:76) at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.lambda$createSaslClient$0(PrivilegedSaslClientFactory.java:64) at java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.createSaslClient(PrivilegedSaslClientFactory.java:64) at org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient(AuthenticationConfiguration.java:1348) at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.createSaslClient(AuthenticationContextConfigurationClient.java:395) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:420) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) {code} or when authentication context is created programatically: {code} java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "putProviderProperty.WildFlyElytron")" in code source "(vfs:/content/programatically-set-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.programatically-set-dep.war" from Service Module Loader") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1759) at org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:581) at java.security.Provider.check(Provider.java:658) at java.security.Provider.putService(Provider.java:1120) at org.wildfly.security.WildFlyElytronProvider.putHttpAuthenticationMechanismImplementations(WildFlyElytronProvider.java:232) at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:142) at org.wildfly.security.auth.client.AuthenticationConfiguration.lambda$static$0(AuthenticationConfiguration.java:169) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:159) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:147) at org.wildfly.security.sasl.util.SecurityProviderSaslClientFactory.createSaslClient(SecurityProviderSaslClientFactory.java:85) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ProtocolSaslClientFactory.createSaslClient(ProtocolSaslClientFactory.java:50) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50) at org.wildfly.security.sasl.util.FilterMechanismSaslClientFactory.createSaslClient(FilterMechanismSaslClientFactory.java:102) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66) at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory.createSaslClient(LocalPrincipalSaslClientFactory.java:76) at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.lambda$createSaslClient$0(PrivilegedSaslClientFactory.java:64) at java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.createSaslClient(PrivilegedSaslClientFactory.java:64) at org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient(AuthenticationConfiguration.java:1348) at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.createSaslClient(AuthenticationContextConfigurationClient.java:395) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:420) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) {code} was: There is a difference between required Permission for {{ElytronXmlParser.parseAuthenticationClientConfiguration()}} method in version 1.1.7.Final (JBoss EAP 7.1.0.GA) and 1.2.4.Final (JBoss EAP 7.2.0.CD12.CR1) when runs with Security Manager. Version 1.2.4.Final newly requires Permission {{java.security.SecurityPermission putProviderProperty.WildFlyElytron}}. It fails with following Exception: {code} java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "putProviderProperty.WildFlyElytron")" in code source "(vfs:/content/WildflyConfigXmlReproducerServlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.WildflyConfigXmlReproducerServlet.war" from Service Module Loader") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1759) at org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:581) at java.security.Provider.check(Provider.java:658) at java.security.Provider.putService(Provider.java:1120) at org.wildfly.security.WildFlyElytronProvider.putHttpAuthenticationMechanismImplementations(WildFlyElytronProvider.java:232) at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:142) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$static$0(ElytronXmlParser.java:131) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:159) at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:147) at org.wildfly.security.auth.client.ElytronXmlParser$DeferredSupplier.get(ElytronXmlParser.java:2826) at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:116) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseClearPassword$49(ElytronXmlParser.java:2252) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$31(ElytronXmlParser.java:1065) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$38(ElytronXmlParser.java:1108) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$22(ElytronXmlParser.java:836) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$26(ElytronXmlParser.java:884) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$11(ElytronXmlParser.java:716) at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$12(ElytronXmlParser.java:742) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:351) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:227) at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:188) at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlReproducerServlet.java:51) at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.doGet(WildflyConfigXmlReproducerServlet.java:44) ... {code} In case this change is expected then Release Notes Jira should be created. -- This message was sent by Atlassian JIRA (v7.5.0#75005)