-
Bug
-
Resolution: Done
-
Major
-
2.0 .Final
When deployment in container with security manager enabled try to use CDI.current() call, CDI class directly access JAR of CDI provider, because of which security manager requires from the deployment to have permission to read the JAR.
CDI.findAllProviders method should read the JAR in privileged block.
(as discussed in WFLY-10125)
java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-integ-rhel-secman/1cfa62fc/jboss-eap-7.2/modules/system/layers/base/org/jboss/as/weld/main/wildfly-weld-7.2.0.CD12-redhat-2.jar" "read")" in code source "(vfs:/content/test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test.war" from Service Module Loader") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360) at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152) at java.net.URL.openStream(URL.java:1045) at javax.enterprise.inject.spi.CDI.findAllProviders(CDI.java:109) at javax.enterprise.inject.spi.CDI.current(CDI.java:53) at org.jboss.as.test.integration.ee.injection.support.jpa.beanManager.TestEntityListener.obtainFooViaCdiCurrent(TestEntityListener.java:97)
- causes
-
-
- Closed
-
