[jboss-jira] [JBoss JIRA] (DROOLS-4169) Can't compile large .drl files with security manager turned on in tomcat

Anthony Bruno (Jira) issues at jboss.org
Sun Jun 16 19:47:00 EDT 2019


    [ https://issues.jboss.org/browse/DROOLS-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747542#comment-13747542 ] 

Anthony Bruno commented on DROOLS-4169:
---------------------------------------

Hey [~tzimanyi],

Thanks for the response, and good pick up on the rules.policy file! Unfortunately, correcting the file does not fix the issue.

To clarify, this problem *only* happens when running in Tomcat. It works fine running standalone, as exemplified in the JUnit test you created.

> Can't compile large .drl files with security manager turned on in tomcat
> ------------------------------------------------------------------------
>
>                 Key: DROOLS-4169
>                 URL: https://issues.jboss.org/browse/DROOLS-4169
>             Project: Drools
>          Issue Type: Bug
>    Affects Versions: 7.22.0.Final
>         Environment: Java 11
> Tomcat 9
> Ubuntu 18.10/Amazon Linux AMI
>            Reporter: Anthony Bruno
>            Assignee: Mario Fusco
>            Priority: Major
>
> Reproduction repository: https://github.com/AussieGuy0/drools-bug
> *Summary*
> When large rule (.drl) files are compiled **with** the security manager turned
> on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`.
> *Steps*
> Prereqs: Program is run in servlet context (e.g. .war file in Tomcat)
> 1. Turn on security manager
> 2. Provide policy files through the properties `java.security.policy` and `kie.security.policy`
> 3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules
> *Expected Result*
> Rules are compiled successfully
> *Actual Result*
> No class def error
> *Cause*
> In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building. 
> If a `ForkJoinPool` has no `ForkJoinWorkerThreadFactory` specified, it will use a default factory
> that provides its own permissions. These permissions are not sufficient for compiling
> drl files in a servlet context.
> *Potential Fix*
> A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a 
> configuration option for drools.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)
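
The following is an added example, not code from the report or from Drools. It sketches the "Potential Fix" idea from the issue: a custom `ForkJoinWorkerThreadFactory` whose workers are created by application code and carry the application's context class loader. `ContextWorker`, `factoryFor` and `workerLoader` are hypothetical names, and an empty `URLClassLoader` is a constructed stand-in for the web application class loader.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.util.concurrent.Callable;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory;
import java.util.concurrent.ForkJoinWorkerThread;

public class ContextAwareForkJoinDemo {

    // Hypothetical worker type: pins the context class loader chosen by the application.
    static final class ContextWorker extends ForkJoinWorkerThread {
        ContextWorker(ForkJoinPool pool, ClassLoader loader) {
            super(pool);
            // With a security manager installed, this call requires
            // RuntimePermission("setContextClassLoader") in the application's policy.
            setContextClassLoader(loader);
        }
    }

    // Hypothetical helper: workers are constructed from application code, so the
    // permissions they inherit come from the application's policy entries rather
    // than from the JDK's default factory.
    static ForkJoinWorkerThreadFactory factoryFor(ClassLoader loader) {
        return pool -> new ContextWorker(pool, loader);
    }

    // Runs one task in the pool and reports the context class loader the worker sees.
    static String workerLoader(ForkJoinPool pool) throws Exception {
        Callable<String> probe =
                () -> String.valueOf(Thread.currentThread().getContextClassLoader());
        try {
            return pool.submit(probe).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the class loader a servlet container installs per webapp.
        ClassLoader webappLike = new URLClassLoader(new URL[0], ClassLoader.getSystemClassLoader());
        Thread.currentThread().setContextClassLoader(webappLike);

        System.out.println("caller:          " + webappLike);
        // On Java 11 (the version in the report) the default factory's workers use the
        // system class loader, so classes visible only to the webapp loader are not found.
        System.out.println("default factory: " + workerLoader(new ForkJoinPool(2)));
        System.out.println("custom factory:  "
                + workerLoader(new ForkJoinPool(2, factoryFor(webappLike), null, false)));
    }
}
```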

