[jboss-jira] [JBoss JIRA] (DROOLS-4169) Can't compile large .drl files with security manager turned on in tomcat

Mario Fusco (Jira) issues at jboss.org
Mon Dec 16 12:58:14 EST 2019 

     [ https://issues.redhat.com/browse/DROOLS-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mario Fusco updated DROOLS-4169:
--------------------------------
    Sprint: 2019 Week 50-52 (from Dec 9)


> Can't compile large .drl files with security manager turned on in tomcat
> ------------------------------------------------------------------------
>
>                 Key: DROOLS-4169
>                 URL: https://issues.redhat.com/browse/DROOLS-4169
>             Project: Drools
>          Issue Type: Bug
>    Affects Versions: 7.22.0.Final
>         Environment: Java 11
> Tomcat 9
> Ubuntu 18.10/Amazon Linux AMI
>            Reporter: Anthony Bruno
>            Assignee: Mario Fusco
>            Priority: Major
>
> Reproduction repository: https://github.com/AussieGuy0/drools-bug
> *Summary*
> When large rule (.drl) files are complied **with** the security manager turned
> on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`.
> *Steps*
> Prereqs: Program is run in servlet context (e.g .war file in tomcat)
> 1. Turn on security manager
> 2. Provide policy files through the properties `java.security.policy` and `kie.security.policy`
> 3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules
> *Expected Result*
> Rules are compiled successfully
> *Actual Result*
> No class def error
> *Cause*
> In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building. 
> A `ForkJoinPool` with no `ForkJoinWorkerThreadFactory` specified, it will use a default factory
> that provides it's own permissions. These permissions are not sufficient for compiling
> drl files in a servlet context.
> *Potential Fix*
> A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a 
> configuration option for drools.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list