[jboss-jira] [JBoss JIRA] (WFLY-9025) It is not possible to add new Elytron policy after adding and removing it first
Jan Kašík (JIRA)
issues at jboss.org
Thu Jun 29 05:18:01 EDT 2017
[ https://issues.jboss.org/browse/WFLY-9025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kašík updated WFLY-9025:
----------------------------
Description:
Adding new Elytron policy fails if it was previously added and then removed. Next adding fails [1] and with exception [2] in server.log.
{code}
[standalone at localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
{
"outcome" => "failed",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
},
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}},
"rolled-back" => true
}
{code}
[2]
{code}
2017-06-29 11:08:35,700 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.policy: org.jboss.msc.service.StartException in service org.wildfly.security.policy: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:177)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
... 3 more
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:126)
at java.security.Policy.addStaticPerms(Policy.java:686)
at java.security.Policy.getPermissions(Policy.java:673)
at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
at java.security.Policy.initPolicy(Policy.java:327)
at java.security.Policy.setPolicy(Policy.java:270)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.lambda$setPolicyAction$0(PolicyDefinitions.java:201)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.setPolicy(PolicyDefinitions.java:195)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:173)
... 5 more
2017-06-29 11:08:35,701 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("policy" => "jacc")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}}
{code}
was:
Adding new Elytron policy fails if it was previously added and then removed. Next adding fails [1].
{code}
[standalone at localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
{
"outcome" => "failed",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
},
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}},
"rolled-back" => true
}
{code}
> It is not possible to add new Elytron policy after adding and removing it first
> -------------------------------------------------------------------------------
>
> Key: WFLY-9025
> URL: https://issues.jboss.org/browse/WFLY-9025
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Jan Kašík
>
> Adding new Elytron policy fails if it was previously added and then removed. Next adding fails [1] and with exception [2] in server.log.
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
> {
> "outcome" => "failed",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> },
> "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
> Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
> Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}},
> "rolled-back" => true
> }
> {code}
> [2]
> {code}
> 2017-06-29 11:08:35,700 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.policy: org.jboss.msc.service.StartException in service org.wildfly.security.policy: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
> at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:177)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
> at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:126)
> at java.security.Policy.addStaticPerms(Policy.java:686)
> at java.security.Policy.getPermissions(Policy.java:673)
> at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
> at java.security.Policy.initPolicy(Policy.java:327)
> at java.security.Policy.setPolicy(Policy.java:270)
> at org.wildfly.extension.elytron.PolicyDefinitions$1$1.lambda$setPolicyAction$0(PolicyDefinitions.java:201)
> at org.wildfly.extension.elytron.PolicyDefinitions$1$1.setPolicy(PolicyDefinitions.java:195)
> at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:173)
> ... 5 more
> 2017-06-29 11:08:35,701 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("policy" => "jacc")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
> Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy at 502d9a84]
> Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}}
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list