[jboss-jira] [JBoss JIRA] (WFCORE-4374) security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does
Bartosz Spyrko-Śmietanko (Jira)
issues at jboss.org
Thu Mar 14 12:57:00 EDT 2019
[ https://issues.jboss.org/browse/WFCORE-4374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13708520#comment-13708520 ]
Bartosz Spyrko-Śmietanko commented on WFCORE-4374:
--------------------------------------------------
'javax.management.MBeanServerPermission' fails to load in LoadedPermissionFactory because the class is not available to the security-manager module.
Adding java.se module to the security-manager module will solve most of the cases, but there would still be some permissions not included. Maybe we should add a 'module' parameter on the permission element that would be used to resolve the Permission?
[~jmesnil] WDYT?
> security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does
> -------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4374
> URL: https://issues.jboss.org/browse/WFCORE-4374
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Bartosz Spyrko-Śmietanko
> Assignee: Bartosz Spyrko-Śmietanko
> Priority: Major
>
> When configuring a jdbc driver deployment jar with permissions.xml it I was able to resolve all of the needed permissions. But then when I remove the permissions.xml from the deployment and define the same permissions in the security-manager, it fails saying it requires the javax.management.MBeanServerPermission createMBeanServer even though it is defined in the subsystem.
> {code}
> 23:41:13,007 ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/Users/bmaxwell/Downloads/02291781/jboss-eap-7.3/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader")
> {code}
> {code}
> <minimum-set>
> <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/>
> </minimum-set>
> {code}
> If you put a permissions.xml in the deployment's META-INF with this below then it works fine. The other permissions I used for the jdbc driver seemed to work fine, it is just this one that seems inconsistent for some reason.
> {code}
> <?xml version="1.0" encoding="UTF-8"?>
> <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
> http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd"
> version="7">
> <permission>
> <class-name>javax.management.MBeanServerPermission</class-name>
> <name>createMBeanServer</name>
> </permission>
> </permissions>
> {code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list