[jboss-jira] [JBoss JIRA] (WFLY-13055) Permission check failed when using SecurityManager with IBM JDK

Darran Lofthouse (Jira) issues at jboss.org
Tue Feb 4 09:51:04 EST 2020 

    [ https://issues.redhat.com/browse/WFLY-13055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13963253#comment-13963253 ] 

Darran Lofthouse commented on WFLY-13055:
-----------------------------------------

This is the server side of the error: -

{noformat}
15:28:11,160 SEVERE [javax.xml.soap] (default task-1) Error reading SAAJ configuration from [/home/francesco/java/ibm-java-x86_64-80/jre/conf/jaxm.properties] file. Check it is accessible and has correct format.: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/francesco/java/ibm-java-x86_64-80/jre/conf/jaxm.properties" "read")" in code source "(vfs:/content/jaxws-basic-pojo.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jaxws-basic-pojo.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:303)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:200)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:901)
	at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:368)
	at sun.nio.fs.UnixPath.checkRead(UnixPath.java:815)
	at sun.nio.fs.UnixFileSystemProvider.checkAccess(UnixFileSystemProvider.java:302)
	at java.nio.file.Files.exists(Files.java:2396)
	at javax.xml.soap.FactoryFinder.fromJDKProperties(FactoryFinder.java:243)
	at javax.xml.soap.FactoryFinder.find(FactoryFinder.java:83)
	at javax.xml.soap.SAAJMetaFactory.getInstance(SAAJMetaFactory.java:74)
	at javax.xml.soap.SOAPFactory.newInstance(SOAPFactory.java:273)
{noformat}

I think I am verging on thinking there is a doPrivileged missing within the javax.xml classes, in this case the API has clearly defined behaviour that it will attempt to lookup the properties file so I don't believe that requirement should leak out to the deployment.


> Permission check failed when using SecurityManager with IBM JDK
> ---------------------------------------------------------------
>
>                 Key: WFLY-13055
>                 URL: https://issues.redhat.com/browse/WFLY-13055
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security Manager, Test Suite
>    Affects Versions: 19.0.0.Beta1
>            Reporter: Francesco Marchioni
>            Priority: Major
>         Attachments: surefire-reports.zip
>
>
> When using IBM JDK in combination with SecurityManager a Permission check fails for classes using packages com.sun.org.apache.xerces.internal.jaxp
> {code:java}
> INFO] Running org.jboss.as.test.integration.ws.basic.PojoEndpointTestCase
> [ERROR] Tests run: 4, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 9.002 s <<< FAILURE! - in org.jboss.as.test.integration.ws.basic.PojoEndpointTestCase
> [ERROR] testHelloError(org.jboss.as.test.integration.ws.basic.PojoEndpointTestCase)  Time elapsed: 0.188 s  <<< FAILURE!
> org.junit.ComparisonFailure: expected:<[Fault for test purpose]> but was:<[Provider com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl could not be instantiated: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.org.apache.xerces.internal.jaxp")" in code source "(vfs:/content/jaxws-basic-pojo.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jaxws-basic-pojo.war" from Service Module Loader")]>
> 	at org.junit.Assert.assertEquals(Assert.java:115)
> 	at org.junit.Assert.assertEquals(Assert.java:144)
> 	at org.jboss.as.test.integration.ws.basic.BasicTests.testHelloError(BasicTests.java:69)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
> 	at java.lang.reflect.Method.invoke(Method.java:508)
> 	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
> 	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> 	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
> {code}
> Affected Tests in the AS Testsuite:
> org.jboss.as.test.integration.ws.basic.PojoEndpointTestCase#testHelloError
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATVoteReadOnly
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATClientRollback
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATVoteRollback
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATApplicationException
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATSimple
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATSingleSimple
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATVoteRollbackPrePrepare
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATApplicationExceptionCommit
> org.jboss.as.test.xts.wsat.client.ATTestCase#testWSATRollbackOnly
> org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase#testWSBACoordinatorSimple
> org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase#testWSBACoordinatorSingle
> org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase#testWSBACoordinatorApplicationException
> org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase#testWSBACoordinatorClientCancel
> org.jboss.as.test.txbridge.fromjta.BridgeFromJTATestCase#testRollback
> org.jboss.as.test.txbridge.fromjta.BridgeFromJTATestCase#testCommit
> org.jboss.as.test.xts.suspend.wsat.AtomicTransactionSuspendTestCase#testRollbackAfterSuspend
> org.jboss.as.test.xts.suspend.wsat.AtomicTransactionSuspendTestCase#testRemoteServiceAfterSuspend
> org.jboss.as.test.xts.suspend.wsat.AtomicTransactionSuspendTestCase#testCommitAfterSuspend
> org.jboss.as.test.xts.annotation.client.CompensatableTestCase#testNoTransaction
> org.jboss.as.test.xts.annotation.client.CompensatableTestCase#testActiveTransaction
> org.jboss.as.test.xts.annotation.client.TransactionalTestCase#testNoTransaction
> org.jboss.as.test.xts.annotation.client.TransactionalTestCase#testActiveTransaction
> org.jboss.as.test.xts.suspend.wsba.BusinessActivitySuspendTestCase#testRemoteServiceAfterSuspend



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list