[jboss-jira] [JBoss JIRA] (WFLY-6469) Some tests from "org.jboss.as.test.integration.security.xacml.*" fail with security manager
Jan Tymel (JIRA)
issues at jboss.org
Mon Apr 11 06:31:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189667#comment-13189667 ]
Jan Tymel commented on WFLY-6469:
---------------------------------
*EjbXACMLAuthorizationModuleTestCase* is missing following permissions:
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read")
* RuntimePermission("accessDeclaredMembers")
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/org/jboss/security/xacml/main/jbossxacml-2.0.8.Final.jar", "read")
* ReflectPermission("suppressAccessChecks")
* RuntimePermission("getClassLoader")
It appears to be not only test issue. This issue needs deeper investigation
Other test cases miss following permissions:
*JBossPDPServletInitializationTestCase*
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read")
* RuntimePermission("accessDeclaredMembers")
* FilePermission("org/jboss/as/test/integration/security/xacml/testobjects/policies/xacml-policySet.xml", "read")
*WebXACMLAuthorizationModuleTestCase*
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read")
* RuntimePermission("accessDeclaredMembers")
* ReflectPermission("suppressAccessChecks")
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/org/jboss/security/xacml/main/jbossxacml-2.0.8.Final.jar", "read")
* RuntimePermission("getClassLoader")
*JBossPDPInteroperabilityTestCase*
* FilePermission("(...)/wildfly/dist/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar", "read"),
* RuntimePermission("accessDeclaredMembers"),
* ReflectPermission("suppressAccessChecks"),
* FilePermission("org/jboss/as/test/integration/security/xacml/testobjects/policies/xacml-policySet.xml", "read"),
* FilePermission("test-JBossPDP-Med", "read,write,delete"),
* PropertyPermission("user.dir", "read"),
* FilePermission("test-JBossPDP-Med/med-example-policySet.xml", "read,write,delete"),
* FilePermission("test-JBossPDP-Med/med-example-policySet2.xml", "read,write,delete"),
* RuntimePermission("getClassLoader")
In case that in "testPoliciesLoadedFromDir" test is in variable "policyDir" assigned "test-JBossPDP-Med" directory
> Some tests from "org.jboss.as.test.integration.security.xacml.*" fail with security manager
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-6469
> URL: https://issues.jboss.org/browse/WFLY-6469
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Jan Tymel
> Assignee: Jan Tymel
>
> *org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase#testAuthenticationCache*
> *org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase#testAuthz*
> *org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase#testNotAuthn*
> *org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase#testNotAuthz*
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase -Dsecurity.manager}}
> Fail with:
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/test/jboss-eap-7.0.0.ER7/dist/target/jboss-eap-7.0/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.redhat-4.jar" "read")" in code source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.util.zip.ZipFile.<init>(ZipFile.java:210)
> at java.util.zip.ZipFile.<init>(ZipFile.java:149)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
> at java.net.URL.openStream(URL.java:1045)
> at javax.xml.bind.ContextFinder.find(ContextFinder.java:292)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375)
> at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126)
> ... 202 more
> {code}
> *org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase#testInteropTestWithObjects*
> *org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase#testInteropTestWithXMLRequests*
> *org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase#testPoliciesLoadedFromDir*
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase -Dsecurity.manager}}
> Fail with:
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/test/jboss-eap-7.0.0.ER7/dist/target/jboss-eap-7.0/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.redhat-4.jar" "read")" in code source "(vfs:/content/pdp-service-bean.jar <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.util.zip.ZipFile.<init>(ZipFile.java:210)
> at java.util.zip.ZipFile.<init>(ZipFile.java:149)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
> at java.net.URL.openStream(URL.java:1045)
> at javax.xml.bind.ContextFinder.find(ContextFinder.java:292)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375)
> at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126)
> ... 152 more
> {code}
> *org.jboss.as.test.integration.security.xacml.JBossPDPServletInitializationTestCase#testPdpServlet*
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.security.xacml.JBossPDPServletInitializationTestCase#testPdpServlet -Dsecurity.manager}}
> Fails with:
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/test/jboss-eap-7.0.0.ER7/dist/target/jboss-eap-7.0/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.redhat-4.jar" "read")" in code source "(vfs:/content/pdp-service-bean.war/WEB-INF/classes <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.util.zip.ZipFile.<init>(ZipFile.java:210)
> at java.util.zip.ZipFile.<init>(ZipFile.java:149)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
> at java.net.URL.openStream(URL.java:1045)
> at javax.xml.bind.ContextFinder.find(ContextFinder.java:292)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375)
> at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126)
> ... 34 more
> {code}
> *org.jboss.as.test.integration.security.xacml.WebXACMLAuthorizationModuleTestCase#testWebUsingCustomXACMLAuthz*
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.security.xacml.WebXACMLAuthorizationModuleTestCase#testWebUsingCustomXACMLAuthz -Dsecurity.manager}}
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/test/jboss-eap-7.0.0.ER7/dist/target/jboss-eap-7.0/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.redhat-4.jar" "read")" in code source "(vfs:/content/custom-xacml-web-test.war/WEB-INF/classes <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.util.zip.ZipFile.<init>(ZipFile.java:210)
> at java.util.zip.ZipFile.<init>(ZipFile.java:149)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
> at java.net.URL.openStream(URL.java:1045)
> at javax.xml.bind.ContextFinder.find(ContextFinder.java:292)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375)
> at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126)
> ... 44 more
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list