Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-1898

getConnection() method on a datasource needs extra permissions when Security Manager is enabled

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 7.0.0.DR12
    • Fix Version/s: 7.0.0.ER4
    • Component/s: JCA
    • Labels:
      None

      Description

      If the server is running with Security Manager enabled, deployment cannot invoke getConnection method on a DataSource without having extra doAs permissions, see the following stacktrace snippet from DsWithSecurityDomainTestCase.

      15:08:52,138 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject] (pool-2-thread-1) IJ000604: Throwable while attempting to get a new connection: null: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.security.auth.AuthPermission" "doAs")" in code source "(vfs:/content/test.ear/lib/single.jar <no signer certificates>)" of "null")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
      	at javax.security.auth.Subject.doAs(Subject.java:410)
      	at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:243)
      	at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1336)
      	at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:501)
      	at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:633)
      	at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:605)
      	at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:603)
      	at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:430)
      	at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:761)
      	at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:138)
      	at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:66)
      	at org.jboss.as.test.integration.jca.security.DsWithSecurityDomainTestCase.deploymentTest(DsWithSecurityDomainTestCase.java:101)
      

      It is a bug of IronJacamar, see JBJCA-1304.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  istudens Ivo Studensky
                  Reporter:
                  istudens Ivo Studensky
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: