[jboss-jira] [JBoss JIRA] (DROOLS-4169) Can't compile large .drl files with security manager turned on in tomcat

Mario Fusco (Jira) issues at jboss.org
Wed Jan 15 04:05:59 EST 2020 

     [ https://issues.redhat.com/browse/DROOLS-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mario Fusco resolved DROOLS-4169.
---------------------------------
    Resolution: Explained


> Can't compile large .drl files with security manager turned on in tomcat
> ------------------------------------------------------------------------
>
>                 Key: DROOLS-4169
>                 URL: https://issues.redhat.com/browse/DROOLS-4169
>             Project: Drools
>          Issue Type: Bug
>    Affects Versions: 7.22.0.Final
>         Environment: Java 11
> Tomcat 9
> Ubuntu 18.10/Amazon Linux AMI
>            Reporter: Anthony Bruno
>            Assignee: Mario Fusco
>            Priority: Major
>
> Reproduction repository: https://github.com/AussieGuy0/drools-bug
> *Summary*
> When large rule (.drl) files are complied **with** the security manager turned
> on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`.
> *Steps*
> Prereqs: Program is run in servlet context (e.g .war file in tomcat)
> 1. Turn on security manager
> 2. Provide policy files through the properties `java.security.policy` and `kie.security.policy`
> 3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules
> *Expected Result*
> Rules are compiled successfully
> *Actual Result*
> No class def error
> *Cause*
> In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building. 
> A `ForkJoinPool` with no `ForkJoinWorkerThreadFactory` specified, it will use a default factory
> that provides it's own permissions. These permissions are not sufficient for compiling
> drl files in a servlet context.
> *Potential Fix*
> A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a 
> configuration option for drools.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list