[jboss-jira] [JBoss JIRA] (WFLY-11340) Tests in org.jboss.as.test.integration.microprofile.opentracing failing with security manager

James Perkins (Jira) issues at jboss.org
Tue Nov 27 14:49:00 EST 2018 

    [ https://issues.jboss.org/browse/WFLY-11340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13667078#comment-13667078 ] 

James Perkins commented on WFLY-11340:
--------------------------------------

The permissions for all, minus the {{SimpleRestClientTestCase}}, tests in the original PR were correct. I created an updated PR to use the permissions utility and reduce the permissions in the {{SimpleRestClientTestCase}}.

One thing I will note is the {{javax.ws.rs.client.FactoryFinder.find()}} may need to be privileged. Otherwise any client using the {{javax.ws.rs.client.ClientBuilder.newBuilder()}} won't be able to load any service implementations. Same goes for the {{org.eclipse.microprofile.opentracing.ClientTracingRegistrar.configure()}} as well. These could be considered bugs in their respective projects.

Same goes for the {{new RuntimePermission("accessDeclaredMembers")}} for Jackson. It executes the following during initialization and should also likely use a privileged action.
{code:java}
private static NoContentExceptionSupplier _createNoContentExceptionSupplier() {
    try {
        Class cls = Class.forName(CLASS_NAME_NO_CONTENT_EXCEPTION);
        Constructor<?> ctor = cls.getDeclaredConstructor(String.class);
        if (ctor != null) {
            return new JaxRS2NoContentExceptionSupplier();
        } else {
            return new JaxRS1NoContentExceptionSupplier();
        }
    } catch (ClassNotFoundException ex) {
        return new JaxRS1NoContentExceptionSupplier();
    } catch (NoSuchMethodException e) {
        return new JaxRS1NoContentExceptionSupplier();
    }
}
{code}

> Tests in org.jboss.as.test.integration.microprofile.opentracing failing with security manager
> ---------------------------------------------------------------------------------------------
>
>                 Key: WFLY-11340
>                 URL: https://issues.jboss.org/browse/WFLY-11340
>             Project: WildFly
>          Issue Type: Bug
>          Components: MP OpenTracing, Test Suite
>    Affects Versions: 14.0.0.Final
>            Reporter: Martin Choma
>            Assignee: Jan Stourac
>            Priority: Major
>              Labels: security-manager
>
> These tests fail with security manager from package org.jboss.as.test.integration.microprofile.opentracing 
> * ResourceNotTracedTestCase.notTracedEndpointYieldsNoSpans  	
> * ResourceTracedTestCase.tracedEndpointYieldsSpan  	
> * ResourceWithCDITestCase.tracedEndpointYieldsSpan  	
> * ResourceWithCustomOperationNameBeanTestCase.customOperationName  	
> * SimpleRestClientTestCase.clientRequestSpanJoinsServer
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "modifyThread")" in code source "(vfs:/content/3f3aff01-8e62-42e9-81c0-022f693ec7e0.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.3f3aff01-8e62-42e9-81c0-022f693ec7e0.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at java.util.concurrent.ThreadPoolExecutor.checkShutdownAccess(ThreadPoolExecutor.java:742)
> 	at java.util.concurrent.ThreadPoolExecutor.shutdownNow(ThreadPoolExecutor.java:1429)
> 	at java.util.concurrent.Executors$DelegatedExecutorService.shutdownNow(Executors.java:670)
> 	at org.jboss.as.test.integration.common.HttpRequest.execute(HttpRequest.java:63)
> 	at org.jboss.as.test.integration.common.HttpRequest.get(HttpRequest.java:82)
> 	at org.jboss.as.test.integration.microprofile.opentracing.ResourceNotTracedTestCase.performCall(ResourceNotTracedTestCase.java:63)
> 	at org.jboss.as.test.integration.microprofile.opentracing.ResourceNotTracedTestCase.notTracedEndpointYieldsNoSpans(ResourceNotTracedTestCase.java:57)
> {noformat}
> As stacktrace is from test side and tests are missing @RunAsClient, I believe tests are running in container. [~juraci.costa] is this really intent tests are missing @RunAsClient annotation?



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list