[
https://issues.jboss.org/browse/WFLY-11365?page=com.atlassian.jira.plugin...
]
Brian Stansberry commented on WFLY-11365:
-----------------------------------------
Yes, adding the permissions isn't a wonderful workaround. I just think this kind of
thing should be fixed upstream and WildFly shouldn't be maintaining forks.
There may be some pushback in upstream projects about doing things in a privileged block.
A hopefully helpful way to look at things is to determine whether a given call path is
something required by EE8 (the overall spec, not just the project specific spec.) If some
call path that's required doesn't work, fixing that's a different request from
asking for support for something like a user wanting to use a class generally meant for
external client use inside a container (e.g. javax.ws.rs.client.ClientBuilder).
So, for JSON-B, JSR 366, EE.6.16 says:
{quote}In a full Java EE product, all Java EE application client containers, web
containers, and EJB containers are required to support the JSON-B API.{quote}
Now that doesn't say much, but the only way I can interpret it is the web and ejb
containers have to expose the API to deployments. Which reasonably means the API jar is
part of the container codebase. And then AFAIK the only way to use the API is with
'Jsonb jsonb = JsonbBuilder.create();' Which will fail in any container running
with a security manager where the container gives its own code permissions but is
restrictive for the deployment; i.e. in any normal container. So, the expected EE 8 use
case will not work.
Test JSONBTestCase fails with security manager
----------------------------------------------
Key: WFLY-11365
URL:
https://issues.jboss.org/browse/WFLY-11365
Project: WildFly
Issue Type: Bug
Components: EE, Test Suite
Affects Versions: 15.0.0.Beta1
Reporter: Martin Choma
Assignee: Bartosz Baranowski
Priority: Major
Labels: security-manager
Attachments: sm-fix.patch
{noformat}
org.jboss.as.test.integration.json (1)
JSONBTestCase.testJsonbServlet
{noformat}
{noformat}
java.security.AccessControlException: WFSM000001: Permission check failed (permission
"("java.io.FilePermission"
"/store/repository/org/eclipse/yasson/1.0.2/yasson-1.0.2.jar"
"read")" in code source
"(vfs:/content/jsonb10-test.war/WEB-INF/classes <no signer
certificates>)" of "ModuleClassLoader for Module
"deployment.jsonb10-test.war" from Service Module Loader")
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at
org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:359)
at java.util.zip.ZipFile.<init>(ZipFile.java:216)
at java.util.zip.ZipFile.<init>(ZipFile.java:155)
at java.util.jar.JarFile.<init>(JarFile.java:166)
at java.util.jar.JarFile.<init>(JarFile.java:103)
at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
at java.net.URL.openStream(URL.java:1045)
at java.util.ServiceLoader.parse(ServiceLoader.java:304)
at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
at javax.json.bind.spi.JsonbProvider.provider(JsonbProvider.java:112)
at javax.json.bind.JsonbBuilder.create(JsonbBuilder.java:108)
at org.jboss.as.test.integration.json.JSONBServlet.doGet(JSONBServlet.java:46) ...
{noformat}
Looks to me similar to WFLY-11337
[1]
https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_Mas...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)