[jboss-jira] [JBoss JIRA] (WFLY-3651) permissions.xml is not used

Alex Hinrichs (JIRA) issues at jboss.org
Mon Oct 27 06:13:35 EDT 2014


    [ https://issues.jboss.org/browse/WFLY-3651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13015194#comment-13015194 ] 

Alex Hinrichs commented on WFLY-3651:
-------------------------------------

I've reproduced the issue on Win 7, JDK 1.8.0_25, Wildfly 8.1.0 Final, Wildfly 9.0.0 Alpha 1:
- clean installation of JDK and Wildfly
- JAVA_OPTS:
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.manager=default
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.policy=/tmp/test.policy
set JAVA_OPTS=%JAVA_OPTS% -Djboss.home.dir=/tmp/wildfly-8.1.0.Final
set JAVA_OPTS=%JAVA_OPTS% -Djboss.server.home.dir=/tmp/wildfly-8.1.0.Final
- attached WAR deployed by copying it to folder "deployments"
- test.policy does NOT grant PropertyPermission/java.home/read to WAR
- request on /JSMCheckServlet returns: Java Security Manager is enabled
- request on /SysPropServlet returns: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.home" "read")
- in WAR: META-INF/permissions.xml contains:
<permission>
  <class-name>java.util.PropertyPermission</class-name>
  <name>*</name>
  <actions>read,write</actions>
</permission>

As soon as I turn on the JVM security manager, because of EE7 spec EE.6.2.2.6, IMHO the permissions.xml should be checked at deploy time, the given permission should be tested, and this WAR should NOT be deployed!

I also tested with other permissions (AllPermissions, ...) and permissions in jboss-permissions.xml with the same result. Seems that permissions given in (jboss-)permissions.xml are not checked at deploy time.

> permissions.xml is not used
> ---------------------------
>
>                 Key: WFLY-3651
>                 URL: https://issues.jboss.org/browse/WFLY-3651
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security Manager
>    Affects Versions: 8.1.0.Final
>         Environment: Fedora 20, jdk1.7.0_60
>            Reporter: Ondrej Kotek
>            Assignee: Stefan Guilhen
>            Priority: Blocker
>         Attachments: permissions-bug-1.0-SNAPSHOT.war
>
>
> With security manager turned on, an application cannot use permissions allowed by permissions.xml configuration -- against EE 7 specification. 



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
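
The deploy-time check the comment above asks for, as an added example (not WildFly's code and not part of the issue): each permission declared in permissions.xml is tested against the set the policy grants, and any that is not implied is reported. The class name, the sample descriptor with its permissions root element, and the granted set are constructed for illustration, and only permission classes with a (name, actions) constructor are handled.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyPermission;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PermissionsXmlCheck {   // hypothetical name, not a WildFly class
    // Constructed sample modelled on the descriptor quoted in the comment.
    static final String SAMPLE =
        "<permissions xmlns=\"http://xmlns.jcp.org/xml/ns/javaee\" version=\"7\">"
      + "<permission><class-name>java.util.PropertyPermission</class-name>"
      + "<name>*</name><actions>read,write</actions></permission></permissions>";

    static String text(Element e, String tag) {
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    // Returns the declared permissions that the granted set does not imply.
    static List<Permission> notImplied(String xml, Permissions granted) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The descriptor comes from the deployment, so refuse DOCTYPEs (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("permission");
        List<Permission> rejected = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            // Load without running static initialisers; accept Permission subclasses only.
            Permission p = Class.forName(text(e, "class-name"), false,
                    PermissionsXmlCheck.class.getClassLoader())
                .asSubclass(Permission.class)
                .getConstructor(String.class, String.class)
                .newInstance(text(e, "name"), text(e, "actions"));
            if (!granted.implies(p)) rejected.add(p);
        }
        return rejected;
    }

    public static void main(String[] args) throws Exception {
        Permissions granted = new Permissions();   // stands in for test.policy
        granted.add(new PropertyPermission("user.dir", "read"));
        List<Permission> rejected = notImplied(SAMPLE, granted);
        if (!rejected.isEmpty()) System.out.println("refuse deployment: " + rejected);
    }
}
```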