[jboss-jira] [JBoss JIRA] (WFLY-12455) Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades

Farah Juma (Jira) issues at jboss.org
Thu Aug 29 14:33:00 EDT 2019 

     [ https://issues.jboss.org/browse/WFLY-12455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma updated WFLY-12455:
------------------------------
    Description: 
The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:

PolicyContextTestCase.testHttpServletRequestFromPolicyContext
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
 at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
 at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}
 
AuthenticationPolicyContextTestCase.test
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}

The above two failures are occurring because {{PolicyContext.getContext}} now checks for the "setPolicy" permission instead of the "getPolicy" permission:

PolicyContext.getContext before JACC upgrade:
https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93

PolicyContext.getContext after JACC upgrade:
https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226
 
DynamicJaspiTestCase.testCalls
{code}
&amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
{code}
 
The above failure occurs because {{AuthConfigFactory.getFactory}} now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:

AuthConfigFactory.getFactory before JASPI upgrade:
https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205

AuthConfigFactory.getFactory after JASPI upgrade:
https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201



  was:
The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:

PolicyContextTestCase.testHttpServletRequestFromPolicyContext
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar &lt;no signer certificates&gt;)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
 at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
 at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
 at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}
 
AuthenticationPolicyContextTestCase.test
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
{code}

The above two failures are occurring because {{PolicyContext.getContext}} now checks for the "setPolicy" permission instead of the "getPolicy" permission:

PolicyContext.getContext before JACC upgrade:
https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93

PolicyContext.getContext after JACC upgrade:
https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226
 
DynamicJaspiTestCase.testCalls
{code}
&amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
{code}
 
The above failure occurs because {{AuthConfigFactory.getFactory}} now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:

AuthConfigFactory.getFactory before JASPI upgrade:
https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205
AuthConfigFactory.getFactory after JASPI upgrade:
https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201





> Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-12455
>                 URL: https://issues.jboss.org/browse/WFLY-12455
>             Project: WildFly
>          Issue Type: Task
>          Components: Test Suite
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Major
>
> The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:
> PolicyContextTestCase.testHttpServletRequestFromPolicyContext
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar &lt;no signer certificates&gt;)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
>  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
>  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
>  at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
>  at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
> {code}
>  
> AuthenticationPolicyContextTestCase.test
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
> 	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
> {code}
> The above two failures are occurring because {{PolicyContext.getContext}} now checks for the "setPolicy" permission instead of the "getPolicy" permission:
> PolicyContext.getContext before JACC upgrade:
> https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93
> PolicyContext.getContext after JACC upgrade:
> https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226
>  
> DynamicJaspiTestCase.testCalls
> {code}
> &amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
> 	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
> 	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
> {code}
>  
> The above failure occurs because {{AuthConfigFactory.getFactory}} now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:
> AuthConfigFactory.getFactory before JASPI upgrade:
> https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205
> AuthConfigFactory.getFactory after JASPI upgrade:
> https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201



--
This message was sent by Atlassian Jira
(v7.13.5#713005)

More information about the jboss-jira mailing list