[jboss-jira] [JBoss JIRA] (WFLY-12081) (Intermittent) stuck start with secmgr after enabling Elytron JACC for undertow/application-security-domain
Darran Lofthouse (Jira)
issues at jboss.org
Wed May 15 13:30:00 EDT 2019
[ https://issues.jboss.org/browse/WFLY-12081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13733965#comment-13733965 ]
Darran Lofthouse commented on WFLY-12081:
-----------------------------------------
The file attached contains a single thread dump from a run, but I can now see two threads mutually locking each other: -
{noformat}
"ServerService Thread Pool -- 72" #106 prio=5 os_prio=0 tid=0x0000560913dbd800 nid=0x6fa8 waiting for monitor entry [0x00007f79e6a06000]
java.lang.Thread.State: BLOCKED (on object monitor)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
- waiting to lock <0x00000000e0e31208> (a sun.net.www.protocol.jar.JarFileFactory)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
at sun.net.www.protocol.jar.JarURLConnection.getContentLengthLong(JarURLConnection.java:179)
at sun.net.www.protocol.jar.JarURLConnection.getContentLength(JarURLConnection.java:170)
at java.lang.invoke.MethodHandleImpl$BindCaller$2.run(MethodHandleImpl.java:1238)
at java.lang.invoke.MethodHandleImpl$BindCaller$2.run(MethodHandleImpl.java:1231)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.invoke.MethodHandleImpl$BindCaller. (MethodHandleImpl.java:1231)
at java.lang.invoke.MethodHandleImpl.bindCaller(MethodHandleImpl.java:1117)
at java.lang.invoke.MethodHandles$Lookup.maybeBindCaller(MethodHandles.java:1681)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:1669)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:1617)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:1802)
at java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:1751)
at java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:477)
at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:170)
at org.wildfly.extension.elytron.PolicyDefinitions$5$1$$Lambda$416/74714393.run(Unknown Source)
at org.wildfly.extension.elytron.SecurityActions.doPrivileged(SecurityActions.java:35)
at org.wildfly.extension.elytron.PolicyDefinitions$5$1.getContext(PolicyDefinitions.java:363)
at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:105)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.getCurrentSecurityIdentity(JaccDelegatingPolicy.java:157)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.impliesIdentityPermission(JaccDelegatingPolicy.java:151)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.implies(JaccDelegatingPolicy.java:109)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:279)
at org.wildfly.security.manager.WildFlySecurityManager.findAccessDenial(WildFlySecurityManager.java:220)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:292)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:359)
at java.io.File.exists(File.java:814)
{noformat}
AND
{noformat}
"ServerService Thread Pool -- 49" #74 prio=5 os_prio=0 tid=0x0000560913682000 nid=0x6f8c in Object.wait() [0x00007f79e8a3b000]
java.lang.Thread.State: RUNNABLE
at java.lang.invoke.MethodHandleImpl.bindCaller(MethodHandleImpl.java:1117)
at java.lang.invoke.MethodHandles$Lookup.maybeBindCaller(MethodHandles.java:1681)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:1669)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:1617)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:1802)
at java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:1751)
at java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:477)
at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:170)
at org.wildfly.extension.elytron.PolicyDefinitions$5$1$$Lambda$416/74714393.run(Unknown Source)
at org.wildfly.extension.elytron.SecurityActions.doPrivileged(SecurityActions.java:35)
at org.wildfly.extension.elytron.PolicyDefinitions$5$1.getContext(PolicyDefinitions.java:363)
at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:105)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.getCurrentSecurityIdentity(JaccDelegatingPolicy.java:157)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.impliesIdentityPermission(JaccDelegatingPolicy.java:151)
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy.implies(JaccDelegatingPolicy.java:109)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:279)
at org.wildfly.security.manager.WildFlySecurityManager.findAccessDenial(WildFlySecurityManager.java:220)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:292)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:131)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
- locked <0x00000000e0e31208> (a sun.net.www.protocol.jar.JarFileFactory)
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
at org.jboss.modules.GetURLConnectionAction.run(GetURLConnectionAction.java:37)
at org.jboss.modules.GetURLConnectionAction.run(GetURLConnectionAction.java:28)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.modules.JarFileResourceLoader.getResource(JarFileResourceLoader.java:243)
at org.jboss.modules.ModuleClassLoader.loadResourceLocal(ModuleClassLoader.java:410)
at org.jboss.modules.ModuleClassLoader$1.loadResourceLocal(ModuleClassLoader.java:144)
at org.jboss.modules.Module.getResources(Module.java:861)
at org.jboss.modules.ModuleClassLoader.findResources(ModuleClassLoader.java:658)
at org.jboss.modules.ConcurrentClassLoader.getResources(ConcurrentClassLoader.java:273)
at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:348)
at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
at org.jboss.as.ejb3.cache.distributable.DistributableCacheFactoryBuilderServiceConfigurator.load(DistributableCacheFactoryBuilderServiceConfigurator.java:70)
{noformat}
> (Intermittent) stuck start with secmgr after enabling Elytron JACC for undertow/application-security-domain
> -----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-12081
> URL: https://issues.jboss.org/browse/WFLY-12081
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 17.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Priority: Blocker
> Attachments: Second.txt
>
>
> After enabling JACC on {{undertow/application-security-domain=other}}, the server can get stuck when starting with Security Manager turned on. It stops responding and cannot be terminated by Ctrl-C.
> After disabling JACC, or when starting without Security Manager, the server starts as expected.
> This behaviour blocks customers that uses JACC with Security Manager.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list