[jboss-jira] [JBoss JIRA] (WFLY-12465) Security manager failures persisting timers

Darran Lofthouse (Jira) issues at jboss.org
Tue Sep 3 05:11:00 EDT 2019 

    [ https://issues.jboss.org/browse/WFLY-12465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13778383#comment-13778383 ] 

Darran Lofthouse commented on WFLY-12465:
-----------------------------------------

Please keep in mind that the only place where a doPrivileged block should be added is where that code has already verified that it can only be called by an authorized caller.

In some cases this can actually mean another permission check needs to be added but that could possibly be a much coarser check such as DatasourcePermission("create") and then the fine grained calls can all be wrapped into doPrivileged calls.  

In other cases we can rely on reduced visibility of a method but there still need to be checks performed on the calling methods to ensure they can not be mis-used.

In some cases after evaluating you find that the caller actually should be granted this permission themselves which would mean no doPrivileged block is needed.

These are a real pain but unfortunately do need to be evaluated on a cases by case basis but the notion we need to keep adding doPrivileged calls is problematic - but so is the notion that the caller should be granted all the permissions specifically required.


> Security manager failures persisting timers
> -------------------------------------------
>
>                 Key: WFLY-12465
>                 URL: https://issues.jboss.org/browse/WFLY-12465
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, JCA
>            Reporter: Brian Stansberry
>            Assignee: Cheng Fang
>            Priority: Major
>
> There are intermittent failures in the security manager enabled CI jobs for DatabaseTimerServiceMultiNodeExecutionDisabledTestCase.
> For example: https://ci.wildfly.org/viewLog.html?buildId=164790&buildTypeId=WF_PullRequest_LinuxSm
> {code}
> javax.ejb.EJBException: java.lang.RuntimeException: java.lang.RuntimeException: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/TimeDs_disabled
> 	at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:246)
> 	at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:362)
> 	at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:144)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
> 	at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
> 	at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
> 	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:618)
> 	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> 	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> 	at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:406)
> 	at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:591)
> 	at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:572)
> 	at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:205)
> 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
> 	at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/TimeDs_disabled
> 	at org.jboss.as.ejb3.timerservice.TimerServiceImpl.persistTimer(TimerServiceImpl.java:626)
> 	at org.jboss.as.ejb3.timerservice.TimerServiceImpl.createTimer(TimerServiceImpl.java:480)
> 	at org.jboss.as.ejb3.timerservice.TimerServiceImpl.createSingleActionTimer(TimerServiceImpl.java:305)
> 	at org.jboss.as.test.multinode.ejb.timer.database.TimedObjectTimerServiceBean.scheduleTimer(TimedObjectTimerServiceBean.java:57)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
> 	at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:80)
> 	at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:90)
> 	at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:107)
> 	at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> 	at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> 	at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:237)
> 	... 40 more
> Caused by: java.lang.RuntimeException: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/TimeDs_disabled
> 	at org.jboss.as.ejb3.timerservice.persistence.database.DatabaseTimerPersistence.addTimer(DatabaseTimerPersistence.java:343)
> 	at org.jboss.as.ejb3.timerservice.TimerServiceImpl.persistTimer(TimerServiceImpl.java:607)
> 	... 71 more
> Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/TimeDs_disabled
> 	at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:159)
> 	at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)
> 	at org.jboss.as.ejb3.timerservice.persistence.database.DatabaseTimerPersistence.addTimer(DatabaseTimerPersistence.java:338)
> 	... 72 more
> Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/TimeDs_disabled
> 	at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:690)
> 	at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:440)
> 	at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
> 	at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151)
> 	... 74 more
> Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
> 	at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
> 	at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
> 	at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
> 	at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1328)
> 	at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
> 	at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getTransactionNewConnection(AbstractPool.java:714)
> 	at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:613)
> 	at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
> 	... 77 more
> Caused by: org.h2.jdbc.JdbcSQLException: General error: "java.security.AccessControlException: WFSM000001: Permission check failed (permission ""(""java.net.SocketPermission"" ""127.0.1.1:9092"" ""connect,resolve"")"" in code source ""(vfs:/content/testTimerServiceSimple.war/WEB-INF/classes <no signer certificates>)"" of ""ModuleClassLoader for Module ""deployment.testTimerServiceSimple.war"" from Service Module Loader"")" [50000-193]
> 	at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
> 	at org.h2.message.DbException.get(DbException.java:168)
> 	at org.h2.message.DbException.convert(DbException.java:295)
> 	at org.h2.message.DbException.toSQLException(DbException.java:268)
> 	at org.h2.message.TraceObject.logAndConvert(TraceObject.java:352)
> 	at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:129)
> 	at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:99)
> 	at org.h2.Driver.connect(Driver.java:69)
> 	at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
> 	... 84 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "127.0.1.1:9092" "connect,resolve")" in code source "(vfs:/content/testTimerServiceSimple.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.testTimerServiceSimple.war" from Service Module Loader")
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> 	at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
> 	at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:389)
> 	at java.net.Socket.connect(Socket.java:584)
> 	at org.h2.util.NetUtils.createSocket(NetUtils.java:122)
> 	at org.h2.util.NetUtils.createSocket(NetUtils.java:102)
> 	at org.h2.engine.SessionRemote.initTransfer(SessionRemote.java:114)
> 	at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:448)
> 	at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:329)
> 	at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:115)
> 	... 87 more
> {code}
> My instinct is this does not look like a case where the test deployment is missing some permission, as the persistence of the timer seems like a container concern, not something the app should need to worry about.
> It's a bit odd that this is an intermittent failure, but perhaps that's just a matter of the timer persistence typically being able to fetch a connection from the pool, one opened by some other code, and it only fails if this call stack needs to create the connection.



--
This message was sent by Atlassian Jira
(v7.13.5#713005)

More information about the jboss-jira mailing list