[jboss-jira] [JBoss JIRA] (DROOLS-4169) Can't compile large .drl files with security manager turned on in tomcat
Anthony Bruno (Jira)
issues at jboss.org
Wed Jun 12 21:55:00 EDT 2019
Anthony Bruno created DROOLS-4169:
-------------------------------------
Summary: Can't compile large .drl files with security manager turned on in tomcat
Key: DROOLS-4169
URL: https://issues.jboss.org/browse/DROOLS-4169
Project: Drools
Issue Type: Bug
Affects Versions: 7.22.0.Final
Environment: Java 11
Tomcat 9
Ubuntu 18.10/Amazon Linux AMI
Reporter: Anthony Bruno
Assignee: Mario Fusco
Reproduction repository: https://github.com/AussieGuy0/drools-bug
*Summary*
When large rule (.drl) files are complied **with** the security manager turned
on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`.
*Steps*
Prereqs: Program is run in servlet context (e.g .war file in tomcat)
1. Turn on security manager
2. Provide policy files through the properties `java.security.policy` and `kie.security.policy`
3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules
*Expected Result*
Rules are compiled successfully
*Actual Result*
No class def error
*Cause*
In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building.
A `ForkJoinPool` with no `ForkJoinWorkerThreadFactory` specified, it will use a default factory
that provides it's own permissions. These permissions are not sufficient for compiling
drl files in a servlet context.
*Potential Fix*
A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a
configuration option for drools.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list