Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1873

JaccDelegatingPolicy should allow non JACC modifications to pass through.

    Details

      Description

      Errors such as the following can be seen within the application server: -

      Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
      	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:127) [wildfly-elytron-jacc-1.10.0.CR6.jar:1.10.0.CR6]
      	at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:1005) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:881) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:404) [rt.jar:1.8.0_222]
      	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:219) [rt.jar:1.8.0_222]
      	at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:152) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.util.JDKBridge.loadClassM(JDKBridge.java:189) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.util.JDKBridge.loadClass(JDKBridge.java:89) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.javax.rmi.CORBA.Util.loadClass(Util.java:605) [rt.jar:1.8.0_222]
      	at javax.rmi.CORBA.Util.loadClass(Util.java:259) [rt.jar:1.8.0_222]
      	at com.sun.corba.se.impl.presentation.rmi.StubFactoryFactoryDynamicBase.createStubFactory(StubFactoryFactoryDynamicBase.java:64) [rt.jar:1.8.0_222]
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.getStubFactoryImpl(DelegatingStubFactoryFactory.java:76)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.access$000(DelegatingStubFactoryFactory.java:41)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:58)
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory$1.run(DelegatingStubFactoryFactory.java:55)
      	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_222]
      	at org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory.createStubFactory(DelegatingStubFactoryFactory.java:55)
      	at com.sun.corba.se.impl.util.Utility.loadStub(Utility.java:780) [rt.jar:1.8.0_222]
      	... 11 more
      

      In this scenario the permission was RuntimePermission("java.lang.RuntimePermission" "createClassLoader") so should be related to the ProtectionDomain of the class loader and not the JACC permission collection.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                dlofthouse Darran Lofthouse
                Reporter:
                dlofthouse Darran Lofthouse
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: