  1. JBoss Enterprise Application Platform
  2. JBEAP-18734

(7.3.z) ELYWEB-67 - A doPrivileged is required to access the JASPI AuthConfigFactory

    Details

    • Target Release:
    • Workaround:
      Workaround Exists
    • Workaround Description:

      Within the security-manager subsystem the following permission can be defined in the minimum set of permissions applied to all deployments: -

      <permission class="java.security.SecurityPermission" name="getProperty.authconfigprovider.factory" />
      

      Alternatively the permission can be added to the permissions.xml within the deployment to grant this permission to the deployment.
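The deployment-level form of this workaround, as an added example that is not part of the original issue: the Java EE 7 permissions.xml schema expresses the permission with child elements rather than the class/name attributes used in the subsystem. The file location (META-INF/permissions.xml inside the deployment) is an assumption about packaging.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: META-INF/permissions.xml inside the deployment archive. -->
<!-- Grants only the single permission named in this issue, and only to this deployment, -->
<!-- instead of adding it to the minimum set applied to every deployment. -->
<permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                                 http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd"
             version="7">
    <permission>
        <!-- Same permission class as in the subsystem workaround -->
        <class-name>java.security.SecurityPermission</class-name>
        <!-- Target name checked by AuthConfigFactory.getFactory() in the stack trace -->
        <name>getProperty.authconfigprovider.factory</name>
    </permission>
</permissions>
```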

    • QE Test Coverage:
      -

      Description

      Without this fix in place deployments could see a message similar to the following logged at DEBUG level: -

      2020-02-17 13:17:28,367 DEBUG [org.wildfly.security.access] (default task-1) Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:303) [wildfly-elytron-security-manager-1.10.4.Final-redhat-00001.jar:1.10.4.Final-redhat-00001]
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:200) [wildfly-elytron-security-manager-1.10.4.Final-redhat-00001.jar:1.10.4.Final-redhat-00001]
      	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166) [jboss-jaspi-api_1.1_spec-2.0.1.Final-redhat-00001.jar:2.0.1.Final-redhat-00001]
      	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201) [jboss-jaspi-api_1.1_spec-2.0.1.Final-redhat-00001.jar:2.0.1.Final-redhat-00001]
      	at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.getAuthConfigFactory(ServletSecurityContextImpl.java:119)
      	at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:92)
      


                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  ivassile Ilia Vassilev