[jboss-jira] [JBoss JIRA] (JBMESSAGING-1930) org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks

Derek Horton (JIRA) jira-events at lists.jboss.org
Fri Jul 13 12:48:13 EDT 2012 

     [ https://issues.jboss.org/browse/JBMESSAGING-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Derek Horton updated JBMESSAGING-1930:
--------------------------------------

    Attachment: JBPAPP-7335.patch

    
> org.jboss.jms.server.container.SecurityAspect.check is missing privileged blocks
> --------------------------------------------------------------------------------
>
>                 Key: JBMESSAGING-1930
>                 URL: https://issues.jboss.org/browse/JBMESSAGING-1930
>             Project: JBoss Messaging
>          Issue Type: Bug
>          Components: JMS Security
>    Affects Versions: 1.4.8.SP5
>            Reporter: Derek Horton
>            Assignee: Yong Hao Gao
>             Fix For: 1.4.8.SP8
>
>         Attachments: JBPAPP-7335.patch
>
>
> A customer is trying to use the Java security manager on EAP 5.0.1.  When the security manager is enabled, JBoss is throwing the following exception when they deploy their application that uses JMS:
> Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore#getSecurityMetadata[jboss.messaging:service=SecurityStore] invoke)
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>         at java.security.AccessController.checkPermission(AccessController.java:546)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>         at org.jboss.system.security.DebuggingJavaSecurityManager.checkPermission(DebuggingJavaSecurityManager.java:95)
>         at org.jboss.mx.server.MBeanServerImpl.checkMBeanPermission(MBeanServerImpl.java:1735)
>         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:663)
>         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
>         at $Proxy85.getSecurityMetadata(Unknown Source)
>         at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:285)
>         at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:113)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122)
>         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>         at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
>         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>         at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java)
>         at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:100)
>         at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:157)
>         at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:930)
>         at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
>         at org.jboss.remoting.Client.invoke(Client.java:2034)
>         at org.jboss.remoting.Client.invoke(Client.java:877)
>         at org.jboss.remoting.Client.invoke(Client.java:865)
>         at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189)
> I found a JIRA [1] that appears to resolve the issue in messaging versions 1.4.0.SP3.CP05, 1.4.1.GA, 1.4.2.GA.  I tried adding the following grant statement to the java security policy file, hoping that would resolve the issue.
>  
>   grant codeBase "file:${jboss.home.dir}/common/lib/jboss-messaging-int.jar" {
>      permission java.security.AllPermission;
>   };
> Unfortunately, it does not resolve the issue.
> I am also able to recreate the issue on EAP 5.1.0.
> [1] https://issues.jboss.org/browse/JBMESSAGING-1448

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list