Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1873

JaccDelegatingPolicy should allow non JACC modifications to pass through.

    XMLWordPrintable

Details

    Description

      Errors such as the following can be seen within the application server: -

      Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
      	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127) [wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
      	at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605) [rt.jar:1.8.0_222]
      	at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64) [rt.jar:1.8.0_222]
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
      	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
      	at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
      	... 11 more
      

      In this scenario the permission was RuntimePermission("java.lang.RuntimePermission" "createClassLoader") so should be related to the ProtectionDomain of the class loader and not the JACC permission collection.

      Attachments

        Activity

          People

            darran.lofthouse@redhat.com Darran Lofthouse
            darran.lofthouse@redhat.com Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: