Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Critical
Fix Version/s: None
Affects Version/s: 7.1.0.DR16, 7.2.0.GA.CR1
Component/s: Hibernate
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA
Git Pull Request:
https://github.com/hibernate/hibernate-orm/pull/2280

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When running tests that use Hibernate native API with security manager we see

Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "(vfs:/content/hibernate4native_transactiontest.ear/beans.jar <no signer certificates>)" of "null")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
	at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:335)
	at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274)
	at java.lang.ClassLoader.<init>(ClassLoader.java:316)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl$AggregatedClassLoader.<init>(ClassLoaderServiceImpl.java:164)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl$AggregatedClassLoader.<init>(ClassLoaderServiceImpl.java:160)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.<init>(ClassLoaderServiceImpl.java:94)
	at org.hibernate.boot.registry.BootstrapServiceRegistryBuilder.build(BootstrapServiceRegistryBuilder.java:207)
	at org.hibernate.cfg.Configuration.<init>(Configuration.java:119)
	at org.jboss.as.test.integration.hibernate.SFSBHibernateTransaction.setupConfig(SFSBHibernateTransaction.java:63)
	... 200 more

When we add that permission then we see

Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/msimka/Projekty/redhat/git/wildfly/dist/target/wildfly-11.0.0.Beta1-SNAPSHOT/modules/system/layers/base/org/hibernate/main/hibernate-envers-5.1.5.Final.jar" "read")" in code source "(vfs:/content/hibernate4naturalid_test.ear/beans.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.hibernate4naturalid_test.ear.beans.jar" from Service Module Loader")
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
        at java.util.zip.ZipFile.<init>(ZipFile.java:210)
        at java.util.zip.ZipFile.<init>(ZipFile.java:149)
        at java.util.jar.JarFile.<init>(JarFile.java:166)
        at java.util.jar.JarFile.<init>(JarFile.java:103)
        at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
        at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
        at java.net.URL.openStream(URL.java:1045)
        at java.util.ServiceLoader.parse(ServiceLoader.java:304)
        at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
        at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
        at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
        at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
        at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.loadJavaServices(ClassLoaderServiceImpl.java:340)
        at org.hibernate.integrator.internal.IntegratorServiceImpl.<init>(IntegratorServiceImpl.java:40)
        at org.hibernate.boot.registry.BootstrapServiceRegistryBuilder.build(BootstrapServiceRegistryBuilder.java:213)
        at org.jboss.as.test.integration.hibernate.naturalid.SFSBHibernateSFNaturalId.setupConfig(SFSBHibernateSFNaturalId.java:57)
        ... 208 more

Based on comment we should check whether Hibernate can do this in privileged block.

is cloned by

WFLY-9064 HibernateNativeAPINaturalIdTestCase fails with security manager

Resolved

is documented by

JBEAP-15369 (7.1.x) Security Manager is not supported when Hibernate is bootstrapped by an application

Closed

is related to

JBEAP-12017 HibernateNativeAPINaturalIdTestCase fails with security manager

Resolved

JBEAP-971 Fix issues in tests with Security Manager

Closed

relates to

JBEAP-3367 "java.lang.RuntimePermission" by some tests running with security manager

Closed

is blocked by: HHH-10435 Loading...; HHH-12189 Loading...; HHH-12542 Loading...

(3 is blocked by)

Assignee:: Gail Badner (Inactive)

Reporter:: Martin Simka

Tester:: Jiří Bílek (Inactive)

QA Contact:: Jiří Bílek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2017/04/28 4:29 AM

Updated:: 2021/10/24 6:35 AM

Resolved:: 2018/11/17 12:07 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates