- Enhancement
- Resolution: Done
- Major
- 1.13.2.Final
- None
The current implementation is very strong for regular cases. It works fine to display missing permissions when CodeSource and/or ClassLoader are correctly set to the checked protection domain. If one of those is missing and there is no good exception handling, it is impossible to track down missing permissions.
Examples:
- Undertow
- WildFly 1
- WildFly 1a, including Stacktrace
- java.io.File
- line 2048
The idea is to provide a yielded trace log and provide the missing permission, the full protection domain and a dummy exception to have a stack trace of where this occurs.
Current code:
```java
public static ProtectionDomain findAccessDenial(final Permission permission, final ProtectionDomain... domains) {
    ProtectionDomain deniedDomain = null;
    if (domains != null) for (ProtectionDomain domain : domains) {
        if (! domain.implies(permission)) {
            // The log message is built only from these three fields; if CodeSource
            // and ClassLoader are null, the message does not identify the caller.
            final CodeSource codeSource = domain.getCodeSource();
            final ClassLoader classLoader = domain.getClassLoader();
            final Principal[] principals = domain.getPrincipals();
            if (principals == null || principals.length == 0) {
                access.accessCheckFailed(permission, codeSource, classLoader);
            } else {
                access.accessCheckFailed(permission, codeSource, classLoader, Arrays.toString(principals));
            }
            // Remember the first denying domain unless running in log-only mode.
            if (deniedDomain == null && ! LOG_ONLY) {
                deniedDomain = domain;
            }
        }
    }
    return deniedDomain;
}
```