[infinispan-issues] [JBoss JIRA] (ISPN-11121) Cache using single file store fails to start when security manager is enabled

Dan Berindei (Jira) issues at jboss.org
Tue Jan 7 10:39:57 EST 2020 

    [ https://issues.redhat.com/browse/ISPN-11121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13942916#comment-13942916 ] 

Dan Berindei commented on ISPN-11121:
-------------------------------------

Technically it's not a regression because we don't make any fomal guarantees that {{SingleFileStore}} works when {{org.infinispan}} has access to the store location, but the rest of the application doesn't. But it would be a good thing if we did guarantee that {{SingleFileStore}} works when {{org.infinispan.persistence.file}} has access to the store location, and the same with {{SoftIndexFileStore}}.

FWIW {{RocksDBStore}} is all-or-nothing, once you grant {{loadLibrary.rocksdbjni}} the store can be in any (user-accessible) directory.

> Cache using single file store fails to start when security manager is enabled
> -----------------------------------------------------------------------------
>
>                 Key: ISPN-11121
>                 URL: https://issues.redhat.com/browse/ISPN-11121
>             Project: Infinispan
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 9.4.17.Final
>            Reporter: Paul Ferraro
>            Assignee: Dan Berindei
>            Priority: Critical
>
> After upgrading to 9.4.17.Final, caches using a single file store throw a AccessControlException on startup.  This looks like a regression introduced by the fix for ISPN-9600, which no longer performs component start within a privileged action.
> {noformat}
> &amp#27;[0m&amp#27;[31m07:21:37,237 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 20) MSC000001: Failed to start service jboss.deployment.unit."XSiteSimpleTestCase.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."XSiteSimpleTestCase.war".undertow-deployment: org.infinispan.commons.CacheException: Unable to invoke method public void org.infinispan.persistence.manager.PersistenceManagerImpl.start() on object of type PersistenceManagerImpl
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> 	at java.lang.Thread.run(Thread.java:748)
> 	at org.jboss.threads.JBossThread.run(JBossThread.java:485)
> Caused by: org.infinispan.commons.CacheException: Unable to invoke method public void org.infinispan.persistence.manager.PersistenceManagerImpl.start() on object of type PersistenceManagerImpl
> 	at org.infinispan.commons.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:193)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:520)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> 	at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> 	at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:428)
> 	at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:325)
> 	at org.infinispan.factories.ComponentRegistry.start(ComponentRegistry.java:165)
> 	at org.infinispan.cache.impl.CacheImpl.start(CacheImpl.java:1110)
> 	at org.infinispan.cache.impl.AbstractDelegatingCache.start(AbstractDelegatingCache.java:511)
> 	at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:660)
> 	at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:604)
> 	at org.infinispan.manager.DefaultCacheManager.internalGetCache(DefaultCacheManager.java:487)
> 	at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:440)
> 	at org.jboss.as.clustering.infinispan.DefaultCacheContainer.getCache(DefaultCacheContainer.java:86)
> 	at org.jboss.as.test.clustering.cluster.xsite.CacheAccessServlet.init(CacheAccessServlet.java:97)
> 	at javax.servlet.GenericServlet.init(GenericServlet.java:180)
> 	at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
> 	at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
> 	at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
> 	at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
> 	at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
> 	at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
> 	at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
> 	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
> 	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> 	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> 	at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
> 	at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
> 	... 8 more
> Caused by: org.infinispan.commons.CacheException: Unable to start cache loaders
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.start(PersistenceManagerImpl.java:182)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.infinispan.commons.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:188)
> 	... 51 more
> Caused by: org.infinispan.persistence.spi.PersistenceException: ISPN000527: Maximum startup attempts exceeded for store org.infinispan.persistence.file.SingleFileStore
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.startStore(PersistenceManagerImpl.java:1082)
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.startWriter(PersistenceManagerImpl.java:1031)
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.lambda$start$0(PersistenceManagerImpl.java:164)
> 	at java.util.ArrayList.forEach(ArrayList.java:1257)
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.start(PersistenceManagerImpl.java:164)
> 	... 56 more
> Caused by: org.infinispan.persistence.spi.PersistenceException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/work/tc-work/bb15431f347cd651/testsuite/integration/clustering/target/wildfly-1/standalone/data/infinispan/web/dist.dat" "read")" in code source "(vfs:/content/XSiteSimpleTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.XSiteSimpleTestCase.war" from Service Module Loader")
> 	at org.infinispan.persistence.file.SingleFileStore.start(SingleFileStore.java:136)
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.lambda$startWriter$22(PersistenceManagerImpl.java:1039)
> 	at org.infinispan.persistence.manager.PersistenceManagerImpl.startStore(PersistenceManagerImpl.java:1068)
> 	... 60 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/work/tc-work/bb15431f347cd651/testsuite/integration/clustering/target/wildfly-1/standalone/data/infinispan/web/dist.dat" "read")" in code source "(vfs:/content/XSiteSimpleTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.XSiteSimpleTestCase.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:303)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:200)
> 	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:368)
> 	at java.io.File.exists(File.java:814)
> 	at org.infinispan.persistence.file.SingleFileStore.start(SingleFileStore.java:109)
> 	... 62 more
> {noformat}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the infinispan-issues mailing list