[jboss-jira] [JBoss JIRA] (WFLY-7474) AccessControlException in OpenSSL initialization

Stuart Douglas (JIRA) issues at jboss.org
Wed Nov 9 17:15:00 EST 2016 

     [ https://issues.jboss.org/browse/WFLY-7474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas resolved WFLY-7474.
----------------------------------
    Fix Version/s: 11.0.0.Alpha1
       Resolution: Done


> AccessControlException in OpenSSL initialization
> ------------------------------------------------
>
>                 Key: WFLY-7474
>                 URL: https://issues.jboss.org/browse/WFLY-7474
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>            Reporter: Josef Cacek
>            Assignee: Stuart Douglas
>            Priority: Critical
>             Fix For: 11.0.0.Alpha1
>
>
> *Issue description*
> When starting server with security manager (i.e. with {{-secmgr}} argument), then OpenSSL initialization fails with 
> {code}
> java.lang.reflect.InvocationTargetException
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.wildfly.openssl.SSL.init(SSL.java:73)
> 	at org.wildfly.openssl.SSL.getInstance(SSL.java:49)
> 	at org.wildfly.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:59)
> 	at java.lang.Class.forName0(Native Method)
> 	at java.lang.Class.forName(Class.java:348)
> 	at io.undertow.protocols.alpn.OpenSSLAlpnProvider$1.run(OpenSSLAlpnProvider.java:47)
> 	at io.undertow.protocols.alpn.OpenSSLAlpnProvider$1.run(OpenSSLAlpnProvider.java:43)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at io.undertow.protocols.alpn.OpenSSLAlpnProvider.<clinit>(OpenSSLAlpnProvider.java:43)
> 	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> 	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> 	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> 	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> 	at java.lang.Class.newInstance(Class.java:442)
> 	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:380)
> 	at java.util.ServiceLoader$LazyIterator.access$700(ServiceLoader.java:323)
> 	at java.util.ServiceLoader$LazyIterator$2.run(ServiceLoader.java:407)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:409)
> 	at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
> 	at io.undertow.protocols.alpn.ALPNManager.<init>(ALPNManager.java:40)
> 	at io.undertow.protocols.alpn.ALPNManager.<clinit>(ALPNManager.java:35)
> 	at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:64)
> 	at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:83)
> 	at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:75)
> 	at org.wildfly.extension.undertow.HttpsListenerService.createAlpnOpenListener(HttpsListenerService.java:101)
> 	at org.wildfly.extension.undertow.HttpsListenerService.createOpenListener(HttpsListenerService.java:86)
> 	at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:158)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "loadLibrary.wfssl")" in code source "(null <no signer certificates>)" of "org.wildfly.openssl.SSL$LibraryClassLoader at 37072772")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> 	at java.lang.SecurityManager.checkLink(SecurityManager.java:835)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkLink(WildFlySecurityManager.java:338)
> 	at java.lang.Runtime.loadLibrary0(Runtime.java:864)
> 	at java.lang.System.loadLibrary(System.java:1122)
> 	at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:180)
> 	... 37 more
> {code}
> There could be a wrong class-loader used or {{doPrivileged()}} block missing, so the initializing code doesn't get the {{AllPermission}} (which is assigned to server modules).
> *Suggested improvement*
> * check and fix OpenSSL initialization, so it gets correct permissions



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list