[jboss-jira] [JBoss JIRA] (WFLY-5989) Remoting requires FilePermission for XNIO and marshalling modules to run with security manager

Ondrej Kotek (JIRA) issues at jboss.org
Wed Jan 13 09:22:00 EST 2016 

     [ https://issues.jboss.org/browse/WFLY-5989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Kotek moved JBEAP-2771 to WFLY-5989:
-------------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-5989  (was: JBEAP-2771)
             Workflow: GIT Pull Request workflow   (was: CDW v1)
          Component/s: Remoting
                       Security Manager
                           (was: Remoting)
                           (was: Security Manager)
       Target Release:   (was: 7.0.0.GA)
    Affects Version/s: 10.0.0.CR5
                           (was: 7.0.0.ER4)


> Remoting requires FilePermission for XNIO and marshalling modules to run with security manager
> ----------------------------------------------------------------------------------------------
>
>                 Key: WFLY-5989
>                 URL: https://issues.jboss.org/browse/WFLY-5989
>             Project: WildFly
>          Issue Type: Bug
>          Components: Remoting, Security Manager
>    Affects Versions: 10.0.0.CR5
>            Reporter: Ondrej Kotek
>            Assignee: David Lloyd
>            Priority: Critical
>
> Running _NestedRemoteContextTestCase_ (from WildFly _testsuite/integration/basic_) with security manager, like
> {noformat}
> ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager
> {noformat}
> results in exception:
> {noformat}
> java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found
> {noformat}
> To make it work, permissions like following need to be added to _permissions.xml_ of  _ejb.ear_:
> {noformat}
> new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
> new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
> new RemotingPermission("createEndpoint"),
> new RuntimePermission("createXnioWorker"),
> new RemotingPermission("addConnectionProvider"),
> new RuntimePermission("modifyThread"),
> new RuntimePermission("accessDeclaredMembers"),
> new ReflectPermission("suppressAccessChecks")
> {noformat}
> which is very confusing.
> Why do I need add seemingly unrelated permissions, like _FilePermission_ for XNIO and marshalling or _RuntimePermission_ for createXnioWorker? Such behavior should be fixed or properly documented.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list