[jboss-jira] [JBoss JIRA] (WFLY-12455) Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades

Farah Juma (Jira) issues at jboss.org
Thu Aug 29 14:32:00 EDT 2019 

     [ https://issues.jboss.org/browse/WFLY-12455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma updated WFLY-12455:
------------------------------
    Summary: Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades  (was: Update permission names in tests to fix failures that occur with the security manager enabled)


> Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-12455
>                 URL: https://issues.jboss.org/browse/WFLY-12455
>             Project: WildFly
>          Issue Type: Task
>          Components: Test Suite
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Major
>
> The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:
> PolicyContextTestCase.testHttpServletRequestFromPolicyContext
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
>  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
>  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
>  at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
>  at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
> {code}
>  
> AuthenticationPolicyContextTestCase.test
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
> 	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
> {code}
> The above two failures are occurring because {{PolicyContext.getContext}} now checks for the "setPolicy" permission instead of the "getPolicy" permission:
> PolicyContext.getContext before JACC upgrade:
> https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93
> PolicyContext.getContext after JACC upgrade:
> https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226
>  
> DynamicJaspiTestCase.testCalls
> {code}
> &amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
> 	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
> 	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
> {code}
>  
> The above failure occurs because {{AuthConfigFactory.getFactory}} now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:
> AuthConfigFactory.getFactory before JASPI upgrade:
> https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205
> AuthConfigFactory.getFactory after JASPI upgrade:
> https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201



--
This message was sent by Atlassian Jira
(v7.13.5#713005)

More information about the jboss-jira mailing list