Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20799

[GSS](7.4.z) WFCORE-5243 - NullPointerException when invalid <permission> classes specified

    XMLWordPrintable

Details

    • Hide
      • Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission.
        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
             <deployment-permissions>
                 <minimum-set>
                    <permission class="invalid.class.name"/>
                </minimum-set>
                <maximum-set>
                </maximum-set>
             </deployment-permissions>
         </subsystem>
      • Start EAP
      • Observe the startup errors
      Show
      Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission. <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> <deployment-permissions> <minimum-set> <permission class="invalid.class.name"/> </minimum-set> <maximum-set> </maximum-set> </deployment-permissions> </subsystem> Start EAP Observe the startup errors
    • Workaround Exists
    • Hide

      Remove or correct the invalid permissions.

      Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.

      Show
      Remove or correct the invalid permissions. Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.
    • +

    Description

      If the security manager contains an invalid class or other data in the minimum-set it throws a NullPointerException instead of a useful error message.

      ERROR [management-operation] WFLYCTL0013 : Operation ("add") failed - address ([("subsystem" => "security-manager")]): java.lang.NullPointerException 
       at java.security.Permissions.getPermissionCollection(Permissions.java:240) 
       at java.security.Permissions.implies(Permissions.java:179) at org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75) at org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
      ...

      The same thing happens with other missing data.

      • Works:
        <permission class="java.io.FilePermission" name="/foo" actions="read"/>
      • Fail with NullPointerException:
        <permission class="invalid.class.name" name="/foo" actions="read"/>
        <permission class="java.io.FilePermission" name="/foo"/>
        <permission class="java.io.FilePermission" actions="read"/>

      The NullPointerException does not occur if maximum-set is absent, or contains java.security.AllPermission

      Attachments

        Issue Links

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-dereed Dennis Reed
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: