[jboss-jira] [JBoss JIRA] (ELY-1553) ElytronXmlParser.parseAuthenticationClientConfiguration() requires additional Permission when runs with Security Manager
Ondrej Lukas (JIRA)
issues at jboss.org
Tue Mar 27 04:54:01 EDT 2018
Ondrej Lukas created ELY-1553:
---------------------------------
Summary: ElytronXmlParser.parseAuthenticationClientConfiguration() requires additional Permission when runs with Security Manager
Key: ELY-1553
URL: https://issues.jboss.org/browse/ELY-1553
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.2.4.Final
Reporter: Ondrej Lukas
Attachments: WildflyConfigXmlReproducerServlet.war
There is a difference between required Permission for {{ElytronXmlParser.parseAuthenticationClientConfiguration()}} method in version 1.1.7.Final (JBoss EAP 7.1.0.GA) and 1.2.4.Final (JBoss EAP 7.2.0.CD12.CR1) when runs with Security Manager. Version 1.2.4.Final newly requires Permission {{java.security.SecurityPermission putProviderProperty.WildFlyElytron}}. It fails with following Exception:
{code}
java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "putProviderProperty.WildFlyElytron")" in code source "(vfs:/content/WildflyConfigXmlReproducerServlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.WildflyConfigXmlReproducerServlet.war" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1759)
at org.wildfly.security.manager.WildFlySecurityManager.checkSecurityAccess(WildFlySecurityManager.java:581)
at java.security.Provider.check(Provider.java:658)
at java.security.Provider.putService(Provider.java:1120)
at org.wildfly.security.WildFlyElytronProvider.putHttpAuthenticationMechanismImplementations(WildFlyElytronProvider.java:232)
at org.wildfly.security.WildFlyElytronProvider.<init>(WildFlyElytronProvider.java:142)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$static$0(ElytronXmlParser.java:131)
at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:159)
at org.wildfly.security.util.ProviderUtil$1.get(ProviderUtil.java:147)
at org.wildfly.security.auth.client.ElytronXmlParser$DeferredSupplier.get(ElytronXmlParser.java:2826)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:116)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseClearPassword$49(ElytronXmlParser.java:2252)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$31(ElytronXmlParser.java:1065)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$38(ElytronXmlParser.java:1108)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$22(ElytronXmlParser.java:836)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$27(ElytronXmlParser.java:1042)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$26(ElytronXmlParser.java:884)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$11(ElytronXmlParser.java:716)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$12(ElytronXmlParser.java:742)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:351)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:227)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:188)
at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlReproducerServlet.java:51)
at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlReproducerServlet.doGet(WildflyConfigXmlReproducerServlet.java:44)
...
{code}
In case this change is expected then Release Notes Jira should be created.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list