[jboss-jira] [JBoss JIRA] (SECURITY-989) org.jboss.security.xacml.core.JBossRequestContext.setRequest needs privileged block

Jan Kalina (JIRA) issues at jboss.org
Wed Apr 11 07:10:00 EDT 2018 

     [ https://issues.jboss.org/browse/SECURITY-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated SECURITY-989:
--------------------------------
    Git Pull Request: https://github.com/picketbox/security-xacml/pull/10


> org.jboss.security.xacml.core.JBossRequestContext.setRequest needs privileged block
> -----------------------------------------------------------------------------------
>
>                 Key: SECURITY-989
>                 URL: https://issues.jboss.org/browse/SECURITY-989
>             Project: PicketBox 
>          Issue Type: Bug
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> Need to add privileged block:
> {code}
> 2018-04-09 21:56:27,737 ERROR [org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule] (pool-8-thread-1) Exception in processing:: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test-custom-xacml.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-custom-xacml.jar" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> 	at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
> 	at java.lang.Thread.getContextClassLoader(Thread.java:1440)
> 	at javax.xml.bind.ContextFinder.find(ContextFinder.java:416)
> 	at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:633)
> 	at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:580)
> 	at javax.xml.bind.JAXB$Cache.<init>(JAXB.java:87)
> 	at javax.xml.bind.JAXB.getContext(JAXB.java:114)
> 	at javax.xml.bind.JAXB._marshal(JAXB.java:534)
> 	at javax.xml.bind.JAXB.marshal(JAXB.java:407)
> 	at org.jboss.security.xacml.core.JBossRequestContext.setRequest(JBossRequestContext.java:92)
> 	at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.getRequestContext(EJBXACMLUtil.java:154)
> 	at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:122)
> 	at org.jboss.security.authorization.modules.ejb.EJBXACMLUtil.createXACMLRequest(EJBXACMLUtil.java:66)
> 	at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorizeEJBResource(CustomXACMLAuthorizationModule.java:163)
> 	at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.authorize(CustomXACMLAuthorizationModule.java:94)
> 	at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:227)
> 	at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
> 	at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
> 	at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
> 	at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
> 	at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318)
> 	at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:268)
> 	at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:121)
> 	at org.jboss.as.ejb3.security.AuthorizationInterceptor$1.run(AuthorizationInterceptor.java:117)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:117)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list