[arquillian-issues] [JBoss JIRA] (ARQ-2204) wildfly security manager jboss modules permissions setup

r searls (Jira) issues at jboss.org
Sat May 25 19:54:00 EDT 2019 

r searls created ARQ-2204:
-----------------------------

             Summary: wildfly security manager jboss modules permissions setup
                 Key: ARQ-2204
                 URL: https://issues.jboss.org/browse/ARQ-2204
             Project: Arquillian
          Issue Type: Bug
          Components: core
    Affects Versions: 1.4.0.Final
         Environment: 	Fedora 28
	Apache Maven 3.3.9 
	Java version: 11.0.2, vendor: Oracle Corporation
	Resteasy: 4.1.0-SNAPSHOT
	wfly: wildfly-17.0.0.Beta1-SNAPSHOT
            Reporter: r searls
         Attachments: List-10-ProtectionDomains.txt, xJira-sm-debug-flag.zip


Arquillian is not registering all the security permissions required to run resteasy tests on wildfly with
the sercurity manager enabled.

There are 24+ Resteasy testsuite tests failing when run with the security manager.
These tests are running in the container (i.e. using the @RunWith(Arquillian.class) annotation.
The @RunAsClient is not being used.)

The exception thrown is,

Caused by: java.lang.ClassNotFoundException: org.glassfish.jersey.client.JerseyClientBuilder from
    [Module "javax.ws.rs.api" version 1.0.2.Final from local module loader @4b3ed2f0
    (finder: local module finder @4fad9bb2
    (roots: /home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules,/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/layers/base,/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/add-ons/spring))]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
    at java.base/java.lang.Class.forName0(Native Method)
    at java.base/java.lang.Class.forName(Class.java:315)
    at javax.ws.rs.api at 1.0.2.Final//javax.ws.rs.client.FactoryFinder.newInstance(FactoryFinder.java:119)
    at javax.ws.rs.api at 1.0.2.Final//javax.ws.rs.client.FactoryFinder.find(FactoryFinder.java:226)
    at javax.ws.rs.api at 1.0.2.Final//javax.ws.rs.client.ClientBuilder.newBuilder(ClientBuilder.java:96)

This is due to a missing ProtectionDomain with ("<all permissions>" "<all actions>") for
/home/rsearls/j1/wildfly/dist/target/wildfly-17.0.0.Beta1-SNAPSHOT/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-4.1.0-SNAPSHOT.jar

When wildfly starts up (with or without the security manager) it registers a ProtectionDomain with ("<all permissions>" 
"<all actions>" for each jar in the wildfly-17.0.0.Beta1-SNAPSHOT/modules/system. These ProtectionDomains are active when the Resteasy container runs.  When Arquillian runs only 10 ProtectionDomains are defined (see attachment List-10-ProtectionDomains.txt).   This appears to be the cause of the problem.





--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the arquillian-issues mailing list