[wildfly-dev] Permissions for Arquillian in test deployments

Brian Stansberry brian.stansberry at redhat.com
Thu Sep 3 11:28:25 EDT 2015 

I don't have much of a comment re: the Arquillian issue, but for the 
WFCORE ones the deployments need to have a permissions.xml that lets 
them function. Those aren't a case of the test client logic being mixed 
in with the deployment logic.

Altering the 'default' permissions by adding such permissions to the 
minimum-permissions set in security-manager subsystem sounds wrong, for 
the reasons Stuart describes in his "Adding permissions to tests" thread 
today. It's more likely to mask real problems. That kind of change would 
need to be done and reverted via a ServerSetupTask for each test, so it 
doesn't have a large advantage in terms of ease of implementation.

BTW if any of the tests in full are not @RunAsClient but could be, they 
should be changed. But if there are only 27 relevant tests, the odds are 
good the bulk of such tests have been fixed.

On 9/3/15 7:47 AM, Ondrej Kotek wrote:
> Hi,
>
> I am investigating failing tests in WildFly and WildFly Core testsuites [1,2] when security manager is enabled.
>
> There are test cases using org.jboss.as.arquillian.container.ManagementClient in non-runAsClient mode. While running with Java Security Manager without AllPermission assigned, the test cases fail. This is caused by insufficient permissions assigned to deployments -- deployments require permissions that Arquillian uses to create connection for ManagementClient, e.g. read FilePermission for modules/system/layers/base/org/jboss/xnio/nio/main/* (XNIO module), connect,resolve SocketPermission, * * MBeanPermission, getClassLoader RuntimePermission.
>
> There are probably about 27 such tests ([1,2] and other related issues).
>
> Adding permissions for Arquillian to a deployment could mask bugs related to such permissions. The demand of permissions for Arquillian should be shielded by Arquillian. Is it doable?
>
> In case it is not doable, there are several other ways how to solve adding permissions for Arquillian:
>    * Adding such permissions to minimum-permissions set in security-manager subsystem
>    * Adding such permissions to each permissions.xml
>    * Creating a custom permission containing such permissions and adding it to each permissions.xml
>
> Which one do you consider the most correct? Or, is there another way?
>
> [1] https://issues.jboss.org/browse/WFLY-5169
> [2] https://issues.jboss.org/browse/WFCORE-848
>
> Thanks,
>
>   Ondrej Kotek
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>


-- 
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat

More information about the wildfly-dev mailing list