[jboss-jira] [JBoss JIRA] (WFCORE-2593) DeploymentReflectionIndex requires additional permissions even if it is guarded by ServerPermission("createDeploymentReflectionIndex")

Ivo Studensky (JIRA) issues at jboss.org
Tue Mar 28 14:27:00 EDT 2017 

Ivo Studensky created WFCORE-2593:
-------------------------------------

             Summary: DeploymentReflectionIndex requires additional permissions even if it is guarded by ServerPermission("createDeploymentReflectionIndex")
                 Key: WFCORE-2593
                 URL: https://issues.jboss.org/browse/WFCORE-2593
             Project: WildFly Core
          Issue Type: Bug
          Components: Server
    Affects Versions: 3.0.0.Beta11
            Reporter: Ivo Studensky
            Assignee: Ivo Studensky


When running with Security Manager enabled, {{DeploymentReflectionIndex}} requires additional permissions (see below) even if its creation is guarded by {{ServerPermission("createDeploymentReflectionIndex")}}. 

Required additional permissions:
{noformat}
new RuntimePermission("accessDeclaredMembers")
new ReflectPermission("suppressAccessChecks"))
{noformat}

It is actually the constructor of {{ClassReflectionIndex}} invoked from {{DeploymentReflectionIndex#getClassIndex()}} method which requires these permissions.

This issue was catched by {{org.jboss.as.test.integration.pojo.test.BeanFactoryTestCase}}, see the stacktrace:
{noformat}
20:24:38,511 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.pojo.D.CREATE: org.jboss.msc.service.StartException in service jboss.pojo.D.CREATE: java.lang.reflect.InvocationTargetException
	at org.jboss.as.pojo.service.LifecyclePojoPhase.startInternal(LifecyclePojoPhase.java:51)
	at org.jboss.as.pojo.service.AbstractPojoPhase.start(AbstractPojoPhase.java:75)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.as.pojo.service.MethodJoinpoint.dispatch(MethodJoinpoint.java:41)
	at org.jboss.as.pojo.service.BeanUtils.dispatchLifecycleJoinpoint(BeanUtils.java:155)
	at org.jboss.as.pojo.service.LifecyclePojoPhase.dispatchJoinpoint(LifecyclePojoPhase.java:43)
	at org.jboss.as.pojo.service.LifecyclePojoPhase.startInternal(LifecyclePojoPhase.java:49)
	... 6 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.as.test.integration.pojo.support.D.create(D.java:36)
	... 14 more
Caused by: java.lang.RuntimeException: WFLYSRV0177: Error getting reflective information for class org.jboss.as.test.integration.pojo.support.B with ClassLoader ModuleClassLoader for Module "deployment.bean-factory.jar" from Service Module Loader
	at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:70)
	at org.jboss.as.pojo.service.DefaultBeanInfo.lookup(DefaultBeanInfo.java:78)
	at org.jboss.as.pojo.service.DefaultBeanInfo.getConstructor(DefaultBeanInfo.java:86)
	at org.jboss.as.pojo.service.BeanUtils.instantiateBean(BeanUtils.java:98)
	at org.jboss.as.pojo.descriptor.BaseBeanFactory.create(BaseBeanFactory.java:62)
	... 19 more
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessDeclaredMembers")" in code source "(vfs:/content/bean-factory.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.bean-factory.jar" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at java.lang.Class.checkMemberAccess(Class.java:2348)
	at java.lang.Class.getDeclaredFields(Class.java:1915)
	at org.jboss.as.server.deployment.reflect.ClassReflectionIndex.<init>(ClassReflectionIndex.java:72)
	at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:66)
	... 23 more
{noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list