Derek Horton moved JBPAPP-9509 to JBMESSAGING-1930:
---------------------------------------------------
Project: JBoss Messaging (was: JBoss Enterprise Application Platform)
Key: JBMESSAGING-1930 (was: JBPAPP-9509)
Issue Type: Bug (was: Support Patch)
Workflow: jira (was: JBoss Platforms Support Case Workflow v1)
Release Notes Text: (was: CAUSE
This only affects customers who are using the Java Security Manager
and Message Driven Beans. The JBoss Messaging code is missing
privileged blocks.
CONSEQUENCE
Message Driven Beans will fail to execute because of security exceptions.
FIX
Add the correct privileged blocks to the JBoss Messaging code.
RESULT
Message Driven Beans will work if the Java Security Manager is used.
)
Fix Version/s: 1.4.8.SP8 (was: TBD EAP 5)
Security: (was: JBoss Internal)
Docs QE Status: (was: NEW)
Affects Version/s: 1.4.8.SP5 (was: EAP_EWP 5.1.0) (was: EAP 5.0.1) (was: EAP_EWP 5.1.2)
Workaround Description: N/A
Support Case Reference: (was: https://na7.salesforce.com/500A0000007AwT4)
SVN / CVS Isolated Branch: (was: https://svn.jboss.org/repos/messaging/branches/JBossMessaging_1_4_6_GA_JB...)
Component/s: JMS Security (was: Messaging)
Steps to Reproduce:
- enable the Java Security Manager
- deploy a message driven bean
org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks
--------------------------------------------------------------------------------
Key: JBMESSAGING-1930
URL: https://issues.jboss.org/browse/JBMESSAGING-1930
Project: JBoss Messaging
Issue Type: Bug
Components: JMS Security
Affects Versions: 1.4.8.SP5
Reporter: Derek Horton
Assignee: Derek Horton
Fix For: 1.4.8.SP8
A customer is trying to use the Java security manager on EAP 5.0.1. When the security
manager is enabled, JBoss is throwing the following exception when they deploy their
application that uses JMS:
Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore#getSecurityMetadata[jboss.messaging:service=SecurityStore] invoke)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at org.jboss.system.security.DebuggingJavaSecurityManager.checkPermission(DebuggingJavaSecurityManager.java:95)
    at org.jboss.mx.server.MBeanServerImpl.checkMBeanPermission(MBeanServerImpl.java:1735)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:663)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy85.getSecurityMetadata(Unknown Source)
    at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:285)
    at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:113)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java)
    at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:100)
    at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:157)
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:930)
    at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
    at org.jboss.remoting.Client.invoke(Client.java:2034)
    at org.jboss.remoting.Client.invoke(Client.java:877)
    at org.jboss.remoting.Client.invoke(Client.java:865)
    at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189)
I found a JIRA [1] that appears to resolve the issue in messaging versions
1.4.0.SP3.CP05, 1.4.1.GA, 1.4.2.GA. I tried adding the following grant statement to the
java security policy file, hoping that would resolve the issue.
grant codeBase "file:${jboss.home.dir}/common/lib/jboss-messaging-int.jar" {
    permission java.security.AllPermission;
};
Unfortunately, it does not resolve the issue.
I am also able to recreate the issue on EAP 5.1.0.
[1] https://issues.jboss.org/browse/JBMESSAGING-1448
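Added example (not JBoss Messaging code and not part of the original report): a stand-alone Java sketch of the stack-walk rule behind "missing privileged blocks". A permission check tests every protection domain on the call stack, so a grant to the library alone does not help when less-privileged code is calling it, unless the library wraps the sensitive call in AccessController.doPrivileged. The class name, method names and the permissive Policy are assumptions made for the illustration; it assumes a JDK on which AccessController still enforces checks, such as Java 8 or 11.

```java
import java.security.*;
import javax.management.MBeanPermission;
import javax.management.ObjectName;

// Added illustration, not JBoss Messaging code; class and method names are hypothetical.
public class PrivilegedBlockDemo {
    // The permission named in the AccessControlException in the report.
    static Permission mbeanInvoke() throws Exception {
        return new MBeanPermission(
            "org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore",
            "getSecurityMetadata",
            new ObjectName("jboss.messaging:service=SecurityStore"),
            "invoke");
    }

    // Stand-in for a check without a privileged block: every domain on the stack is tested.
    static void checkUnwrapped() throws Exception {
        AccessController.checkPermission(mbeanInvoke());
    }

    // Stand-in for the fix: doPrivileged ends the stack walk at this class's own domain.
    static void checkWrapped() throws Exception {
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            AccessController.checkPermission(mbeanInvoke());
            return null;
        });
    }

    // Runs body as if its caller were code whose domain holds no permissions (the deployed MDB).
    static boolean allowedFromUntrustedCaller(PrivilegedExceptionAction<Void> body) throws Exception {
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions());
        AccessControlContext caller = new AccessControlContext(new ProtectionDomain[] { noPerms });
        try {
            AccessController.doPrivileged(body, caller);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: every real code source gets every permission, standing in for the AllPermission grant.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.out.println("no privileged block:   allowed=" + allowedFromUntrustedCaller(() -> { checkUnwrapped(); return null; }));
        System.out.println("with privileged block: allowed=" + allowedFromUntrustedCaller(() -> { checkWrapped(); return null; }));
    }
}
```

A privileged block should enclose only the single sensitive call and must not act on caller-controlled input, since it vouches for that call on behalf of every caller.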