[jboss-jira] [JBoss JIRA] (WFLY-12455) Update permission names in tests to fix failures that occur with the security manager enabled

Farah Juma (Jira) issues at jboss.org
Thu Aug 29 14:26:00 EDT 2019 

Farah Juma created WFLY-12455:
---------------------------------

             Summary: Update permission names in tests to fix failures that occur with the security manager enabled
                 Key: WFLY-12455
                 URL: https://issues.jboss.org/browse/WFLY-12455
             Project: WildFly
          Issue Type: Task
          Components: Test Suite
            Reporter: Farah Juma
            Assignee: Farah Juma


The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:

PolicyContextTestCase.testHttpServletRequestFromPolicyContext
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
 at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
 at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}
 
AuthenticationPolicyContextTestCase.test
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}

The above two failures are occurring because {{PolicyContext.getContext}} now checks for the "setPolicy" permission instead of the "getPolicy" permission:

PolicyContext.getContext before JACC upgrade:
https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93

PolicyContext.getContext after JACC upgrade:
https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226
 
DynamicJaspiTestCase.testCalls
{code}
&amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
{code}
 
The above failure occurs because {{AuthConfigFactory.getFactory}} now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:

AuthConfigFactory.getFactory before JASPI upgrade:
https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205
AuthConfigFactory.getFactory after JASPI upgrade:
https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201





--
This message was sent by Atlassian Jira
(v7.13.5#713005)

More information about the jboss-jira mailing list