[jboss-jira] [JBoss JIRA] (WFCORE-3084) Permission check failed for RemotingPermission "createEndpoint" even if it is granted

Ondrej Lukas (JIRA) issues at jboss.org
Fri Jul 21 04:08:02 EDT 2017 

Ondrej Lukas created WFCORE-3084:
------------------------------------

             Summary: Permission check failed for RemotingPermission "createEndpoint" even if it is granted
                 Key: WFCORE-3084
                 URL: https://issues.jboss.org/browse/WFCORE-3084
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical


In case when deployment which needs RemotingPermission "createEndpoint" has granted "org.jboss.remoting3.security.RemotingPermission" "createEndpoint" in META-INT/permissions.xml then it still fails with:
{code}
java.io.IOException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/direct-call-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.direct-call-dep.war" from Service Module Loader")
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
	at com.redhat.eap.qe.elytron.authnctx.DirectCallServlet.doGet(DirectCallServlet.java:84)
	... 42 more
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/direct-call-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.direct-call-dep.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at org.jboss.remoting3.EndpointBuilder.build(EndpointBuilder.java:90)
	at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:128)
	at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60)
	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
	... 44 more
{code}

When {{java.security.AllPermission}} is granted to deployment (instead of RemotingPermission "createEndpoint") then it works fine. See 'Steps to Reproduce' for more details.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list