Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20798

[GSS](7.3.z) WFCORE-5243 - NullPointerException when invalid <permission> classes specified

XMLWordPrintable

    • False
    • False
    • +
    • Undefined
    • Workaround Exists
    • Hide

      Remove or correct the invalid permissions.

      Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.

      Show
      Remove or correct the invalid permissions. Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.
    • Hide
      • Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission.
        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
             <deployment-permissions>
                 <minimum-set>
                    <permission class="invalid.class.name"/>
                </minimum-set>
                <maximum-set>
                </maximum-set>
             </deployment-permissions>
         </subsystem>
      • Start EAP
      • Observe the startup errors
      Show
      Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission. <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> <deployment-permissions> <minimum-set> <permission class="invalid.class.name"/> </minimum-set> <maximum-set> </maximum-set> </deployment-permissions> </subsystem> Start EAP Observe the startup errors

      If the security manager contains an invalid class or other data in the minimum-set it throws a NullPointerException instead of a useful error message.

      ERROR [management-operation] WFLYCTL0013 : Operation ("add") failed - address ([("subsystem" => "security-manager")]): java.lang.NullPointerException 
       at java.security.Permissions.getPermissionCollection(Permissions.java:240) 
       at java.security.Permissions.implies(Permissions.java:179) at org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75) at org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
      ...

      The same thing happens with other missing data.

      • Works:
        <permission class="java.io.FilePermission" name="/foo" actions="read"/>
      • Fail with NullPointerException:
        <permission class="invalid.class.name" name="/foo" actions="read"/>
        <permission class="java.io.FilePermission" name="/foo"/>
        <permission class="java.io.FilePermission" actions="read"/>

      The NullPointerException does not occur if maximum-set is absent, or contains java.security.AllPermission

            rhn-support-rmartinc Ricardo Martin Camarero
            rhn-support-dereed Dennis Reed
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: