[jboss-jira] [JBoss JIRA] (WFCORE-3084) Permission check failed for RemotingPermission "createEndpoint" even if it is granted
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jul 21 04:09:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated WFCORE-3084:
---------------------------------
Affects Version/s: 3.0.0.Beta28
> Permission check failed for RemotingPermission "createEndpoint" even if it is granted
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-3084
> URL: https://issues.jboss.org/browse/WFCORE-3084
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta28
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> In case when deployment which needs RemotingPermission "createEndpoint" has granted "org.jboss.remoting3.security.RemotingPermission" "createEndpoint" in META-INT/permissions.xml then it still fails with:
> {code}
> java.io.IOException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/direct-call-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.direct-call-dep.war" from Service Module Loader")
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
> at com.redhat.eap.qe.elytron.authnctx.DirectCallServlet.doGet(DirectCallServlet.java:84)
> ... 42 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/direct-call-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.direct-call-dep.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.jboss.remoting3.EndpointBuilder.build(EndpointBuilder.java:90)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:128)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> ... 44 more
> {code}
> When {{java.security.AllPermission}} is granted to deployment (instead of RemotingPermission "createEndpoint") then it works fine. See 'Steps to Reproduce' for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list