Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-16526

[GSS](7.2.z) WFCORE-4374 - security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does

XMLWordPrintable

    • +
    • Hide

      Add module="java.se"
      <permission class="javax.management.MBeanServerPermission" name="createMBeanServer" module="java.se"/>

      Show
      Add module="java.se" <permission class="javax.management.MBeanServerPermission" name="createMBeanServer" module="java.se"/>

      When configuring a jdbc driver deployment jar with permissions.xml it I was able to resolve all of the needed permissions. But then when I remove the permissions.xml from the deployment and define the same permissions in the security-manager, it fails saying it requires the javax.management.MBeanServerPermission createMBeanServer even though it is defined in the subsystem.

      23:41:13,007 ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/Users/bmaxwell/Downloads/02291781/jboss-eap-7.3/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader")
      
              <minimum-set>
                  <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/>
              </minimum-set>
      

      If you put a permissions.xml in the deployment's META-INF with this below then it works fine. The other permissions I used for the jdbc driver seemed to work fine, it is just this one that seems inconsistent for some reason.

      <?xml version="1.0" encoding="UTF-8"?>
      <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                   http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd"
                   version="7">
        <permission>
        <class-name>javax.management.MBeanServerPermission</class-name>
        <name>createMBeanServer</name>
        </permission>
      </permissions>
      

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-bmaxwell Brad Maxwell
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: