[jboss-jira] [JBoss JIRA] (JBRULES-3540) .AccessControlException occurs when Rules are executed with drools-5.4

Abhishek Srivastava (JIRA) jira-events at lists.jboss.org
Tue Jun 12 11:10:05 EDT 2012 

     [ https://issues.jboss.org/browse/JBRULES-3540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Abhishek Srivastava updated JBRULES-3540:
-----------------------------------------

    Summary: .AccessControlException occurs when Rules are executed with drools-5.4  (was: .AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) )

    
> .AccessControlException occurs when Rules are executed with drools-5.4
> ----------------------------------------------------------------------
>
>                 Key: JBRULES-3540
>                 URL: https://issues.jboss.org/browse/JBRULES-3540
>             Project: Drools
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: drools-core
>    Affects Versions: 5.4.0.Final
>         Environment: Red Hat Enterprise Linux Server release 5.3 (Tikanga). JDK1.6.0_31
>            Reporter: Abhishek Srivastava
>            Assignee: Mark Proctor
>
> We are using drools to create a RuleEngine. The rules are specified using Excel sheet and are getting compiled properly. But when the rules are executed, the dynamically generated Java-classes are giving the following security exception:
> Stack trace:
> Detail: Exception executing consequence for rule "FSA_Unmapped_Line" in spike.rules: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
> at org.drools.runtime.rule.impl.DefaultConsequenceExceptionHandler.handleException(DefaultConsequenceExceptionHandler.java:39)
> at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1283)
> at org.drools.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1209)
> at org.drools.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1442)
> at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:710)
> at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:674)
> at com.xxx.yyy.process(RulesEngine.java:50)
> at com.xxx.yyy.performBaselineProcessing(AbstractRuleSource.java:366)
> at com.xxx.yyy.RuleSource$RuleProcess.run(RuleSource.java:81)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
> at java.security.AccessController.checkPermission(AccessController.java:546)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at com.xxx.yyy.LocalSecurityManager.checkPermission(LocalSecurityManager.java:37)
> at java.lang.ClassLoader.getParent(ClassLoader.java:1257)
> at org.drools.rule.JavaDialectRuntimeData$PackageClassLoader.loadClass(JavaDialectRuntimeData.java:583)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
> at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.defaultConsequence(Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.java:7)
> at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
> at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvoker.evaluate(Unknown Source)
> at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1273)
> ... 10 more 
> We are having a SecurityManager installed to manage the permissions. Please note that with drools-5.3.1, the RuleEngine was working fine and the issue started coming as soon as we migrated to version 5.4. We have tried to use JANINO java compiler, but that does not resolve the problem. Granting RuntimePermission to get/create ClassLoader is not an option as it will leave security loophole and we cannot do this.
> Kindly fix this issue in drools-5.4 and let us know an ETA for the patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list