[jboss-jira] [JBoss JIRA] (WFLY-11630) JDBC datasource should be granted the connect SocketPermission
Ivo Studensky (Jira)
issues at jboss.org
Thu Feb 21 04:28:00 EST 2019
[ https://issues.jboss.org/browse/WFLY-11630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivo Studensky reassigned WFLY-11630:
------------------------------------
Assignee: Ivo Studensky (was: Flavia Rainone)
> JDBC datasource should be granted the connect SocketPermission
> --------------------------------------------------------------
>
> Key: WFLY-11630
> URL: https://issues.jboss.org/browse/WFLY-11630
> Project: WildFly
> Issue Type: Bug
> Components: JCA, Security
> Affects Versions: 16.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Ivo Studensky
> Priority: Major
> Labels: security-manager
> Attachments: DataSourceDefinitionJPATestCase-output-missing_SocketPermission_Connect.txt
>
>
> When a deployment uses connection on a JDBC datasource, the deployment needs the {{connect}} {{SocketPermission}} granted.
> For example
> {noformat}
> ...
> DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
> Connection conn = ds.getConnection();
> ...
> {noformat}
> may require {{permissions.xml}} like
> {noformat}
> <permissions version="7">
> <!-- Connections to databases -->
> <permission>
> <class-name>java.net.SocketPermission</class-name>
> <name>*</name> <!-- This can be hardened by using specific URLs/IPs -->
> <actions>resolve,connect</actions>
> </permission>
> </permissions>
> {noformat}
> However, {{resolve}} {{SocketPermission}} should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the {{connect}} {{SocketPermission.}} JDBC extends the JCA spec.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list