Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10058

Tests using resteasy validator provider fail with RuntimePermission with security manager

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.ER2
    • 7.1.0.DR15
    • REST
    • Hide 
      git clone https://github.com/kanovotn/Resteasy.git; cd Resteasy; git checkout securityManager
mvn clean install -DskipTests
cd testsuite
mvn clean verify -Dserver.home=EAP_HOME -Dversion.resteasy.testsuite=3.0.21.Final -fn -Dtest=ValidationThroughRestTest -Dmaven.test.redirectTestOutputToFile=false -Dsecurity.manager
      Show
      git clone https: //github.com/kanovotn/Resteasy.git; cd Resteasy; git checkout securityManager mvn clean install -DskipTests cd testsuite mvn clean verify -Dserver.home=EAP_HOME -Dversion.resteasy.testsuite=3.0.21.Final -fn -Dtest=ValidationThroughRestTest -Dmaven.test.redirectTestOutputToFile= false -Dsecurity.manager

    Description

      Description:
      Tests are running on EAP with security manager and produces following error.
      Deployments which use resteasy validator provider fail with the following permission check:

      ("java.lang.RuntimePermission" "accessDeclaredMembers")

      The affected tests from resteasy testsuite are:
      ValidationThroughRestTest
      CustomExceptionMapperTest

      Stacktrace:

      "default task-15@21892" prio=5 tid=0x46b nid=NA runnable
  java.lang.Thread.State: RUNNABLE
	  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
	  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	  at java.lang.Class.checkMemberAccess(Class.java:2348)
	  at java.lang.Class.getDeclaredMethod(Class.java:2127)
	  at org.jboss.resteasy.plugins.validation.ConstraintTypeUtil11.getMethod(ConstraintTypeUtil11.java:95)
	  at org.jboss.resteasy.plugins.validation.ConstraintTypeUtil11.getConstraintType(ConstraintTypeUtil11.java:62)
	  at org.jboss.resteasy.api.validation.ResteasyViolationException.convertViolation(ResteasyViolationException.java:404)
	  at org.jboss.resteasy.api.validation.ResteasyViolationException.convertViolations(ResteasyViolationException.java:365)
	  at org.jboss.resteasy.api.validation.ResteasyViolationException.toString(ResteasyViolationException.java:208)
	  at java.lang.Throwable.<init>(Throwable.java:311)
	  at java.lang.Exception.<init>(Exception.java:102)
	  at java.lang.RuntimeException.<init>(RuntimeException.java:96)
	  at javax.ejb.EJBException.<init>(EJBException.java:42)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:349)
	  at org.jboss.as.ejb3.tx.LifecycleCMTTxInterceptor.processInvocation(LifecycleCMTTxInterceptor.java:74)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.weld.injection.WeldInjectionContextInterceptor.processInvocation(WeldInjectionContextInterceptor.java:43)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	  at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:161)
	  at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:134)
	  at org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:88)
	  at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:64)
	  at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:61)
	  at org.jboss.as.ejb3.pool.AbstractPool.create(AbstractPool.java:56)
	  at org.jboss.as.ejb3.pool.strictmax.StrictMaxPool.get(StrictMaxPool.java:124)
	  at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:47)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
	  at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
	  at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64)
	  at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:84)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
	  at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
	  at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	  at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
	  at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74)
	  at org.jboss.resteasy.test.validation.resource.ValidationThroughRestResource$$$view31.createHike(Unknown Source:-1)
	  at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
	  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	  at java.lang.reflect.Method.invoke(Method.java:498)
	  at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:433)
	  at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:127)
	  at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56)
	  at org.jboss.weld.bean.proxy.InjectionPointPropagatingEnterpriseTargetBeanInstance.invoke(InjectionPointPropagatingEnterpriseTargetBeanInstance.java:67)
	  at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:100)
	  at org.jboss.resteasy.test.validation.resource.ValidationThroughRestResource$Proxy$_$$_Weld$EnterpriseProxy$.createHike(Unknown Source:-1)
	  at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
	  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	  at java.lang.reflect.Method.invoke(Method.java:498)
	  at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
	  at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
	  at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
	  at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
	  at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
	  at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
	  at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
	  at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	  at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	  at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	  at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	  at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	  at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	  at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	  at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	  at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	  at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	  at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	  at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	  at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	  at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	  at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	  at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	  at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$752.2032665059.call(Unknown Source:-1)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$753.417437644.call(Unknown Source:-1)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$753.417437644.call(Unknown Source:-1)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$753.417437644.call(Unknown Source:-1)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	  at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$753.417437644.call(Unknown Source:-1)
	  at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	  at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	  at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
	  at java.security.AccessController.doPrivileged(AccessController.java:-1)
	  at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
	  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	  at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	  at java.lang.Thread.run(Thread.java:745)

      Attachments

        Activity

          People

            kanovotn Katerina Odabasi (Inactive)
            kanovotn Katerina Odabasi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: