[jboss-jira] [JBoss JIRA] (SECURITY-989) org.jboss.security.xacml.core.JBossRequestContext.setRequest needs privileged block
Jan Kalina (JIRA)
issues at jboss.org
Wed Apr 11 07:09:00 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina updated SECURITY-989:
--------------------------------
Description:
Need to add privileged block:
{code}
2018-04-09 21:56:27,737 ERROR [org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule] (pool-8-thread-1) Exception in processing:: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-custom-xacml.jar" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
at java.lang.Thread.getContextClassLoader(Thread.java:1440)
at javax.xml.bind.ContextFinder.find(ContextFinder.java:416)
at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:633)
at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:580)
at javax.xml.bind.JAXB$Cache.<init>(JAXB.java:87)
at javax.xml.bind.JAXB.getContext(JAXB.java:114)
at javax.xml.bind.JAXB._marshal(JAXB.java:534)
at javax.xml.bind.JAXB.marshal(JAXB.java:407)
at org.jboss.security.xacml.core.JBossRequestContext.setRequest(JBossRequestContext.java:92)
at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.getRequestContext(EJBXACMLUtil.java:154)
at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:122)
at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:66)
at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorizeEJBResource(CustomXACMLAuthorizationModule.java:163)
at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorize(CustomXACMLAuthorizationModule.java:94)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:227)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318)
at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:268)
at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:121)
at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:117)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:117)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
...
{code}
was:
The {{org.jboss.as.test.shared.integration.ejb.security.Util#switchIdentity(java.lang.String, java.lang.String, java.util.concurrent.Callable<T>, boolean, boolean, java.lang.ClassLoader)}} method in particular needs privileged blocks for reading and setting the class loader and getting the security domain.
Example stack:
{noformat}
java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-custom-xacml.jar" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:160)
at org.jboss.as.test.shared.integration.ejb.security.Util.switchIdentity(Util.java:238)
at org.jboss.as.test.shared.integration.ejb.security.Util.switchIdentity(Util.java:206)
at org.jboss.as.test.shared.integration.ejb.security.Util.switchIdentitySCF(Util.java:302)
at org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase.testNotAuthz(EjbXACMLAuthorizationModuleTestCase.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379)
at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372)
at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246)
at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260)
at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324)
at org.jboss.arquillian.container.test.impl.execution.BeforeLifecycleEventExecuter.on(BeforeLifecycleEventExecuter.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205)
at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66)
at org.jboss.arquillian.protocol.jmx.JMXTestRunner.doRunTestMethod(JMXTestRunner.java:180)
at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.doRunTestMethod(ArquillianService.java:200)
at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethodInternal(JMXTestRunner.java:162)
at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethod(JMXTestRunner.java:141)
at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.runTestMethod(ArquillianService.java:176)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71)
at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275)
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112)
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46)
at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237)
at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138)
at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.invoke(PluggableMBeanServerImpl.java:1475)
at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:724)
at org.jboss.as.jmx.BlockingNotificationMBeanServer.invoke(BlockingNotificationMBeanServer.java:168)
at org.jboss.as.jmx.AuthorizingMBeanServer.invoke(AuthorizingMBeanServer.java:258)
at org.jboss.remotingjmx.protocol.v2.ServerProxy$InvokeHandler.handle(ServerProxy.java:950)
at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1$1.run(ServerCommon.java:153)
at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:71)
at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:66)
at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287)
at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244)
at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor.handleEvent(ServerInterceptorFactory.java:66)
at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1.run(ServerCommon.java:149)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{noformat}
CC [~fjuma]
> org.jboss.security.xacml.core.JBossRequestContext.setRequest needs privileged block
> -----------------------------------------------------------------------------------
>
> Key: SECURITY-989
> URL: https://issues.jboss.org/browse/SECURITY-989
> Project: PicketBox
> Issue Type: Bug
> Reporter: Jan Kalina
> Assignee: Jan Kalina
>
> Need to add privileged block:
> {code}
> 2018-04-09 21:56:27,737 ERROR [org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule] (pool-8-thread-1) Exception in processing:: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-custom-xacml.jar" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
> at java.lang.Thread.getContextClassLoader(Thread.java:1440)
> at javax.xml.bind.ContextFinder.find(ContextFinder.java:416)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:633)
> at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:580)
> at javax.xml.bind.JAXB$Cache.<init>(JAXB.java:87)
> at javax.xml.bind.JAXB.getContext(JAXB.java:114)
> at javax.xml.bind.JAXB._marshal(JAXB.java:534)
> at javax.xml.bind.JAXB.marshal(JAXB.java:407)
> at org.jboss.security.xacml.core.JBossRequestContext.setRequest(JBossRequestContext.java:92)
> at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.getRequestContext(EJBXACMLUtil.java:154)
> at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:122)
> at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:66)
> at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorizeEJBResource(CustomXACMLAuthorizationModule.java:163)
> at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorize(CustomXACMLAuthorizationModule.java:94)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:227)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
> at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
> at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
> at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318)
> at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:268)
> at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:121)
> at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:117)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:117)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list