[JBoss JIRA] (JBRULES-3540) .AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
5:08 p.m.
Abhishek Srivastava created JBRULES-3540:
--------------------------------------------
Summary: .AccessControlException: access denied (java.lang.RuntimePermission
getClassLoader)
Key: JBRULES-3540
URL: https://issues.jboss.org/browse/JBRULES-3540
Project: Drools
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: drools-core
Affects Versions: 5.4.0.Final
Environment: Red Hat Enterprise Linux Server release 5.3 (Tikanga). JDK1.6.0_31
Reporter: Abhishek Srivastava
Assignee: Mark Proctor
We are using drools to create a RuleEngine. The rules are specified using Excel sheet and
are getting compiled properly. But when the rules are executed, the dynamically generated
Java-classes are giving the following security exception:
Stack trace:
Detail: Exception executing consequence for rule "FSA_Unmapped_Line" in
spike.rules: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at
org.drools.runtime.rule.impl.DefaultConsequenceExceptionHandler.handleException(DefaultConsequenceExceptionHandler.java:39)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1283)
at org.drools.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1209)
at org.drools.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1442)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:710)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:674)
at com.xxx.yyy.process(RulesEngine.java:50)
at com.xxx.yyy.performBaselineProcessing(AbstractRuleSource.java:366)
at com.xxx.yyy.RuleSource$RuleProcess.run(RuleSource.java:81)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.xxx.yyy.LocalSecurityManager.checkPermission(LocalSecurityManager.java:37)
at java.lang.ClassLoader.getParent(ClassLoader.java:1257)
at
org.drools.rule.JavaDialectRuntimeData$PackageClassLoader.loadClass(JavaDialectRuntimeData.java:583)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.defaultConsequence(Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.java:7)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvokerGenerated.evaluate(Unknown
Source)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvoker.evaluate(Unknown
Source)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1273)
... 10 more
We are having a SecurityManager installed to manage the permissions. Please note that with
drools-5.3.1, the RuleEngine was working fine and the issue started coming as soon as we
migrated to version 5.4. We have tried to use JANINO java compiler, but that does not
resolve the problem. Granting RuntimePermission to get/create ClassLoader is not an option
as it will leave security loophole and we cannot do this.
Kindly fix this issue in drools-5.4 and let us know an ETA for the patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:10 p.m.
New subject: [JBoss JIRA] (JBRULES-3540) .AccessControlException occurs when Rules are executed with drools-5.4
[
https://issues.jboss.org/browse/JBRULES-3540?page=com.atlassian.jira.plug...
]
Abhishek Srivastava updated JBRULES-3540:
-----------------------------------------
Summary: .AccessControlException occurs when Rules are executed with drools-5.4 (was:
.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) )
.AccessControlException occurs when Rules are executed with
drools-5.4
----------------------------------------------------------------------
Key: JBRULES-3540
URL: https://issues.jboss.org/browse/JBRULES-3540
Project: Drools
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: drools-core
Affects Versions: 5.4.0.Final
Environment: Red Hat Enterprise Linux Server release 5.3 (Tikanga). JDK1.6.0_31
Reporter: Abhishek Srivastava
Assignee: Mark Proctor
We are using drools to create a RuleEngine. The rules are specified using Excel sheet and
are getting compiled properly. But when the rules are executed, the dynamically generated
Java-classes are giving the following security exception:
Stack trace:
Detail: Exception executing consequence for rule "FSA_Unmapped_Line" in
spike.rules: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at
org.drools.runtime.rule.impl.DefaultConsequenceExceptionHandler.handleException(DefaultConsequenceExceptionHandler.java:39)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1283)
at org.drools.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1209)
at org.drools.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1442)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:710)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:674)
at com.xxx.yyy.process(RulesEngine.java:50)
at com.xxx.yyy.performBaselineProcessing(AbstractRuleSource.java:366)
at com.xxx.yyy.RuleSource$RuleProcess.run(RuleSource.java:81)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.xxx.yyy.LocalSecurityManager.checkPermission(LocalSecurityManager.java:37)
at java.lang.ClassLoader.getParent(ClassLoader.java:1257)
at
org.drools.rule.JavaDialectRuntimeData$PackageClassLoader.loadClass(JavaDialectRuntimeData.java:583)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.defaultConsequence(Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.java:7)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvokerGenerated.evaluate(Unknown
Source)
at
spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvoker.evaluate(Unknown
Source)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1273)
... 10 more
We are having a SecurityManager installed to manage the permissions. Please note that
with drools-5.3.1, the RuleEngine was working fine and the issue started coming as soon as
we migrated to version 5.4. We have tried to use JANINO java compiler, but that does not
resolve the problem. Granting RuntimePermission to get/create ClassLoader is not an option
as it will leave security loophole and we cannot do this.
Kindly fix this issue in drools-5.4 and let us know an ETA for the patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4610
days inactive
4610
days old
1 comments
1 participants
participants (1)
-
Abhishek Srivastava (JIRA)