-
Bug
-
Resolution: Done
-
Blocker
-
JBossAS-4.0.1 Final, JBossAS-5.0.0.Beta1
-
None
If one runs with the JACC policy provided enabled, and also specify that a security manager is intalled, the service fails to start with an exception like:
16:01:48,985 WARN [ServiceController] Problem starting service jboss.security:service=JACCSecurityService
java.lang.ClassCircularityError: javax/security/jacc/EJBMethodPermission
at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at sun.misc.URLClassPath.check(URLClassPath.java:398)
at sun.misc.URLClassPath$JarLoader.checkResource(URLClassPath.java:601)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:673)
at sun.misc.URLClassPath$JarLoader.findResource(URLClassPath.java:660)
at sun.misc.URLClassPath.findResource(URLClassPath.java:139)
at java.net.URLClassLoader$2.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findResource(URLClassLoader.java:359)
at java.lang.ClassLoader.getResource(ClassLoader.java:977)
at org.jboss.mx.loading.RepositoryClassLoader.getResourceLocally(RepositoryClassLoader.java:200)
at org.jboss.mx.loading.LoadMgr3$ResourceAction.run(LoadMgr3.java:95)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:247)
at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:464)
at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.Thread.setContextClassLoader(Thread.java:1306)
at org.jboss.mx.server.TCLAction$5.run(TCLAction.java:102)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.mx.server.TCLAction$2.setContextClassLoader(TCLAction.java:97)
at org.jboss.mx.server.TCLAction$UTIL.setContextClassLoader(TCLAction.java:37)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:288)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:908)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:416)
The problem is the interaction between the class loading layer attempting to locate the class in question as a resource and the lazy loading of the JACC permission classes from within the Policy.implies override which results in recursion into a ClassCircularityError:
Thread "main"@336 in group "jboss" status: RUNNING
<init>():32, java.lang.ClassCircularityError
implies():72, org.jboss.security.jacc.DelegatingPolicy
implies():189, java.security.ProtectionDomain
checkPermission():254, java.security.AccessControlContext
checkPermission():401, java.security.AccessController
checkPermission():524, java.lang.SecurityManager
check():397, sun.misc.URLClassPath
getResource():884, sun.misc.URLClassPath$FileLoader
getResource():157, sun.misc.URLClassPath
getResource():209, sun.misc.URLClassPath
getBootstrapResource():950, java.lang.ClassLoader
getResource():811, java.lang.ClassLoader
getResource():809, java.lang.ClassLoader
getResource():809, java.lang.ClassLoader
getResource():809, java.lang.ClassLoader
getResourceLocally():205, org.jboss.mx.loading.RepositoryClassLoader
run():95, org.jboss.mx.loading.LoadMgr3$ResourceAction
doPrivileged():-1, java.security.AccessController
beginLoadTask():247, org.jboss.mx.loading.LoadMgr3
The classes needed by the implies method need to be loaded before the DelegatingPolicy is installed as the java.security.Policy implementation to avoid this.
- relates to
-
JBAS-1827 JACC: DelegatingPolicy.implies() loops when SecurityManager and trace log used.
- Closed