[jboss-jira] [JBoss JIRA] (JBMESSAGING-1930) org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks

Derek Horton (JIRA) jira-events at lists.jboss.org
Fri Jul 13 12:43:12 EDT 2012


     [ https://issues.jboss.org/browse/JBMESSAGING-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Derek Horton moved JBPAPP-9509 to JBMESSAGING-1930:
---------------------------------------------------

                      Project: JBoss Messaging  (was: JBoss Enterprise Application Platform)
                          Key: JBMESSAGING-1930  (was: JBPAPP-9509)
                   Issue Type: Bug  (was: Support Patch)
                     Workflow: jira  (was: JBoss Platforms Support Case Workflow v1)
           Release Notes Text:   (was: CAUSE 

This only affects customers who are using the Java Security Manager
and Message Driven Beans.  The JBoss Messaging code is missing 
privileged blocks.

CONSEQUENCE 

Message Driven Beans will fail to execute because of security exceptions.

FIX 

Add the correct privileged blocks to the JBoss Messaging code.


RESULT 

Message Driven Beans will work if the Java Security Manager is used.
)
                Fix Version/s: 1.4.8.SP8
                                   (was: TBD EAP 5)
                     Security:     (was: JBoss Internal)
               Docs QE Status:   (was: NEW)
            Affects Version/s: 1.4.8.SP5
                                   (was: EAP_EWP 5.1.0)
                                   (was: EAP 5.0.1)
                                   (was: EAP_EWP 5.1.2)
       Workaround Description: N/A
       Support Case Reference:   (was: https://na7.salesforce.com/500A0000007AwT4)
    SVN / CVS Isolated Branch:   (was: https://svn.jboss.org/repos/messaging/branches/JBossMessaging_1_4_6_GA_JBPAPP-6739)
                  Component/s: JMS Security
                                   (was: Messaging)
           Steps to Reproduce: 
- enable the Java Security Manager
- deploy a message driven bean

    
> org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks
> --------------------------------------------------------------------------------
>
>                 Key: JBMESSAGING-1930
>                 URL: https://issues.jboss.org/browse/JBMESSAGING-1930
>             Project: JBoss Messaging
>          Issue Type: Bug
>          Components: JMS Security
>    Affects Versions: 1.4.8.SP5
>            Reporter: Derek Horton
>            Assignee: Derek Horton
>             Fix For: 1.4.8.SP8
>
>
> A customer is trying to use the Java security manager on EAP 5.0.1.  When the security manager is enabled, JBoss is throwing the following exception when they deploy their application that uses JMS:
>
> Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore#getSecurityMetadata[jboss.messaging:service=SecurityStore] invoke)
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>         at java.security.AccessController.checkPermission(AccessController.java:546)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>         at org.jboss.system.security.DebuggingJavaSecurityManager.checkPermission(DebuggingJavaSecurityManager.java:95)
>         at org.jboss.mx.server.MBeanServerImpl.checkMBeanPermission(MBeanServerImpl.java:1735)
>         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:663)
>         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
>         at $Proxy85.getSecurityMetadata(Unknown Source)
>         at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:285)
>         at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:113)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122)
>         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>         at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
>         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>         at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java)
>         at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:100)
>         at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:157)
>         at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:930)
>         at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
>         at org.jboss.remoting.Client.invoke(Client.java:2034)
>         at org.jboss.remoting.Client.invoke(Client.java:877)
>         at org.jboss.remoting.Client.invoke(Client.java:865)
>         at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189)
>
> I found a JIRA [1] that appears to resolve the issue in messaging versions 1.4.0.SP3.CP05, 1.4.1.GA, 1.4.2.GA.  I tried adding the following grant statement to the Java security policy file, hoping that would resolve the issue.
>
>   grant codeBase "file:${jboss.home.dir}/common/lib/jboss-messaging-int.jar" {
>      permission java.security.AllPermission;
>   };
>
> Unfortunately, it does not resolve the issue.
> I am also able to recreate the issue on EAP 5.1.0.
>
> [1] https://issues.jboss.org/browse/JBMESSAGING-1448

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
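
The fix named in the release notes, sketched as an added example (not JBoss Messaging code; `MetadataStore` and the two lookup methods are hypothetical stand-ins for the proxy call shown in the trace). A permission check passes only if every protection domain on the calling stack holds the permission, and a privileged block ends that stack walk at the class that calls `doPrivileged`.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added illustration, not JBoss Messaging source. MetadataStore and both
// lookup methods are hypothetical stand-ins for the MBean proxy call that
// the stack trace shows inside SecurityAspect.check.
public class PrivilegedLookupExample {

    interface MetadataStore {
        Object getSecurityMetadata(String destination) throws Exception;
    }

    // Before: the MBeanPermission check inspects every protection domain on
    // the stack, so one caller without the permission fails the whole call.
    static Object lookup(MetadataStore store, String destination) throws Exception {
        return store.getSecurityMetadata(destination);
    }

    // After: doPrivileged ends the stack walk at this class, so only this
    // class's protection domain (and the code it calls) must hold the permission.
    static Object lookupPrivileged(final MetadataStore store, final String destination)
            throws Exception {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                public Object run() throws Exception {
                    // Keep the block to the one call that needs the permission.
                    return store.getSecurityMetadata(destination);
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the checked exception from run()
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub in place of the real security store.
        MetadataStore stub = new MetadataStore() {
            public Object getSecurityMetadata(String destination) {
                return "metadata for " + destination;
            }
        };
        System.out.println(lookupPrivileged(stub, "queue/example"));
    }
}
```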

        

