[
https://issues.jboss.org/browse/SECURITY-989?page=com.atlassian.jira.plug...
]
Stefan Guilhen closed SECURITY-989.
-----------------------------------
Fix Version/s: PicketBox_5_0_3.Final
Resolution: Done
org.jboss.security.xacml.core.JBossRequestContext.setRequest needs
privileged block
-----------------------------------------------------------------------------------
Key: SECURITY-989
URL:
https://issues.jboss.org/browse/SECURITY-989
Project: PicketBox
Issue Type: Bug
Reporter: Jan Kalina
Assignee: Jan Kalina
Fix For: PicketBox_5_0_3.Final
Need to add privileged block:
{code}
2018-04-09 21:56:27,737 ERROR
[org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule]
(pool-8-thread-1) Exception in processing:: java.security.AccessControlException:
WFSM000001: Permission check failed (permission
"("java.lang.RuntimePermission" "getClassLoader")" in code
source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of
"ModuleClassLoader for Module "deployment.test-custom-xacml.jar" from
Service Module Loader")
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
at java.lang.Thread.getContextClassLoader(Thread.java:1440)
at javax.xml.bind.ContextFinder.find(ContextFinder.java:416)
at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:633)
at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:580)
at javax.xml.bind.JAXB$Cache.<init>(JAXB.java:87)
at javax.xml.bind.JAXB.getContext(JAXB.java:114)
at javax.xml.bind.JAXB._marshal(JAXB.java:534)
at javax.xml.bind.JAXB.marshal(JAXB.java:407)
at
org.jboss.security.xacml.core.JBossRequestContext.setRequest(JBossRequestContext.java:92)
at
org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.getRequestContext(EJBXACMLUtil.java:154)
at
org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:122)
at
org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:66)
at
org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorizeEJBResource(CustomXACMLAuthorizationModule.java:163)
at
org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorize(CustomXACMLAuthorizationModule.java:94)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:227)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
at
org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at
org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at
org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318)
at
org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:268)
at
org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:121)
at
org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:117)
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:117)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
...
{code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)