Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12434

StackOverflowError when adding and removing jacc policy in the elytron subsystem

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Critical Critical
    • None
    • 7.1.0.ER2
    • Security
    • None
    • Documentation (Ref Guide, User Guide, etc.), User Experience
    • Hide 
      [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
{
    "outcome" => "success",
    "response-headers" => {
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] reload
[standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:list-add(name=custom-policy, value={name=foo, class-name=bar})
{
    "outcome" => "success",
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] reload
[standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:list-remove(name=custom-policy, index=0)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] reload
[standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:remove()
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] reload
[standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
{
    "outcome" => "failed",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    },
    "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
    Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy@502d9a84]
    Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}},
    "rolled-back" => true
}
      Show
      [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}]) { "outcome" => "success" , "response-headers" => { "process-state" => "reload-required" } } [standalone@localhost:9990 /] reload [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:list-add(name=custom-policy, value={name=foo, class- name=bar}) { "outcome" => "success" , "operation-requires-reload" => true , "process-state" => "reload-required" } } [standalone@localhost:9990 /] reload [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:list-remove(name=custom-policy, index=0) { "outcome" => "success" , "response-headers" => { "operation-requires-reload" => true , "process-state" => "reload-required" } } [standalone@localhost:9990 /] reload [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:remove() { "outcome" => "success" , "response-headers" => { "operation-requires-reload" => true , "process-state" => "reload-required" } } [standalone@localhost:9990 /] reload [standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}]) { "outcome" => "failed" , "response-headers" => { "operation-requires-reload" => true , "process-state" => "reload-required" }, "failure-description" => { "WFLYCTL0080: Failed services" => { "org.wildfly.security.policy" => "Failed to start service Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy@502d9a84] Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}}, "rolled-back" => true }

      Adding new Elytron policy fails if it was previously added and then removed. Next adding logs an exception in server.log as warning:

      2017-07-31 11:59:03,335 WARN  [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000004: Failure during stop of service org.wildfly.security.policy: java.lang.StackOverflowError
	at java.util.HashMap.putVal(HashMap.java:628)
	at java.util.HashMap.put(HashMap.java:611)
	at java.security.BasicPermissionCollection.add(BasicPermission.java:377)
	at java.security.Permissions.add(Permissions.java:133)
	at java.security.Policy.getPermissions(Policy.java:662)
	at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.elements(JaccDelegatingPolicy.java:136)
	at java.security.Policy.getPermissions(Policy.java:661)
	at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
	at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:126)
	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.elements(JaccDelegatingPolicy.java:136)
	at java.security.Policy.getPermissions(Policy.java:661)
	at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
	at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:126)
	at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.elements(JaccDelegatingPolicy.java:136)
	at java.security.Policy.getPermissions(Policy.java:661)...

              mstefank Martin Stefanko
              mstefank Martin Stefanko
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: