[jboss-jira] [JBoss JIRA] (ELY-1873) JaccDelegatingPolicy should allow non JACC modifications to pass through.

Darran Lofthouse (Jira) issues at jboss.org
Tue Sep 3 07:43:01 EDT 2019 

     [ https://issues.jboss.org/browse/ELY-1873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1873:
----------------------------------
    Description: 
Errors such as the following can be seen within the application server: -

{noformat}
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127) [wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
	at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005) [rt.jar:1.8.0_222]
	at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
	at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637) [rt.jar:1.8.0_222]
	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
	at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189) [rt.jar:1.8.0_222]
	at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
	at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605) [rt.jar:1.8.0_222]
	at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
	at com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64) [rt.jar:1.8.0_222]
	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
	at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
	... 11 more
{noformat}

In this scenario the permission was RuntimePermission("java.lang.RuntimePermission" "createClassLoader") so should be related to the ProtectionDomain of the class loader and not the JACC permission collection.


> JaccDelegatingPolicy should allow non JACC modifications to pass through.
> -------------------------------------------------------------------------
>
>                 Key: ELY-1873
>                 URL: https://issues.jboss.org/browse/ELY-1873
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: EE
>    Affects Versions: 1.10.0.Final
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>             Fix For: 1.10.1.CR1
>
>
> Errors such as the following can be seen within the application server: -
> {noformat}
> Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
> 	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127) [wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
> 	at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005) [rt.jar:1.8.0_222]
> 	at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
> 	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
> 	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
> 	at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637) [rt.jar:1.8.0_222]
> 	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
> 	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
> 	at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189) [rt.jar:1.8.0_222]
> 	at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
> 	at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605) [rt.jar:1.8.0_222]
> 	at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
> 	at com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64) [rt.jar:1.8.0_222]
> 	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
> 	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
> 	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
> 	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
> 	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
> 	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
> 	at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
> 	... 11 more
> {noformat}
> In this scenario the permission was RuntimePermission("java.lang.RuntimePermission" "createClassLoader") so should be related to the ProtectionDomain of the class loader and not the JACC permission collection.



--
This message was sent by Atlassian Jira
(v7.13.5#713005)

More information about the jboss-jira mailing list