[jboss-jira] [JBoss JIRA] (DROOLS-4169) Can't compile large .drl files with security manager turned on in tomcat
Tibor Zimanyi (Jira)
issues at jboss.org
Wed Jan 15 03:57:25 EST 2020
[ https://issues.redhat.com/browse/DROOLS-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13948812#comment-13948812 ]
Tibor Zimanyi commented on DROOLS-4169:
---------------------------------------
Hi [~anthony_bruno], sorry for the late reply. I tried with Tomcat and if you specify security permissions in Tomcat's conf/catalina.policy file for your web application, it works. I added this to it (just for testing purposes, you can add more granular permissions):
    grant codeBase "file:${catalina.base}/webapps/test/-" {
        permission java.security.AllPermission;
    };
Then I started the server with _./catalina.sh run -security_ and the big DRL worked. Please let me know if this answers your problem and if yes, I will close this JIRA.
> Can't compile large .drl files with security manager turned on in tomcat
> ------------------------------------------------------------------------
>
> Key: DROOLS-4169
> URL: https://issues.redhat.com/browse/DROOLS-4169
> Project: Drools
> Issue Type: Bug
> Affects Versions: 7.22.0.Final
> Environment: Java 11
> Tomcat 9
> Ubuntu 18.10/Amazon Linux AMI
> Reporter: Anthony Bruno
> Assignee: Mario Fusco
> Priority: Major
>
> Reproduction repository: https://github.com/AussieGuy0/drools-bug
> *Summary*
> When large rule (.drl) files are compiled **with** the security manager turned
> on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`.
> *Steps*
> Prereqs: Program is run in servlet context (e.g. .war file in tomcat)
> 1. Turn on security manager
> 2. Provide policy files through the properties `java.security.policy` and `kie.security.policy`
> 3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules
> *Expected Result*
> Rules are compiled successfully
> *Actual Result*
> No class def error
> *Cause*
> In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building.
> When a `ForkJoinPool` has no `ForkJoinWorkerThreadFactory` specified, it will use a default factory
> that provides its own permissions. These permissions are not sufficient for compiling
> drl files in a servlet context.
> *Potential Fix*
> A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a
> configuration option for drools.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
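
The "Potential Fix" in the quoted report, sketched as an added example (not code from Drools or from this thread): a `ForkJoinWorkerThreadFactory` whose workers run with the access control context and context class loader captured when the factory was built. The class and method names are hypothetical, and Java 11 is assumed, as in the report.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.ForkJoinPool.ForkJoinWorkerThreadFactory;
import java.util.concurrent.ForkJoinWorkerThread;

// Hypothetical names; targets Java 11 as in the report (the security manager
// APIs used here are deprecated in later Java releases).
public class CapturedContextFactoryDemo {

    /** Worker factory that reuses the context of the code that built it. */
    static final class CapturedContextFactory implements ForkJoinWorkerThreadFactory {
        // Captured once, on the thread that constructs the factory
        // (for example the web application thread that starts the build).
        private final AccessControlContext acc = AccessController.getContext();
        private final ClassLoader loader = Thread.currentThread().getContextClassLoader();

        @Override
        public ForkJoinWorkerThread newThread(ForkJoinPool pool) {
            // A Thread records AccessController.getContext() in its constructor,
            // so constructing it inside doPrivileged(..., acc) bounds the worker
            // by acc no matter which thread asked the pool for a new worker.
            return AccessController.doPrivileged((PrivilegedAction<ForkJoinWorkerThread>) () -> {
                ForkJoinWorkerThread t = new ForkJoinWorkerThread(pool) { };
                t.setContextClassLoader(loader); // not the system class loader
                return t;
            }, acc);
        }
    }

    /** Runs one task and reports whether the worker sees the caller's class loader. */
    static boolean workerSeesCallerLoader() {
        ClassLoader expected = Thread.currentThread().getContextClassLoader();
        ForkJoinPool pool = new ForkJoinPool(2, new CapturedContextFactory(), null, false);
        try {
            return pool.submit(() -> Thread.currentThread().getContextClassLoader() == expected).join();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) {
        System.out.println("worker uses caller's context class loader: " + workerSeesCallerLoader());
    }
}
```

With a security manager installed, the code that creates the pool and the factory still needs the relevant `RuntimePermission`s (such as `modifyThread` and `setContextClassLoader`) granted in the policy file.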