Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.1.CR1, 7.4.1.GA
Affects Version/s: 7.3.4.GA
Component/s: Security Manager
Labels:
- downstream_dependency
- test_included

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Release Note Text:
Undefined
Target Release:

7.4.z.GA
Workaround:

Workaround Exists
Workaround Description:

Hide

Remove or correct the invalid permissions.

Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.

Show
Remove or correct the invalid permissions. Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.
Git Pull Request:
https://github.com/jbossas/wildfly-core-eap/pull/998
Steps to Reproduce:
Hide

Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission.

<subsystem xmlns="urn:jboss:domain:security-manager:1.0"> <deployment-permissions> <minimum-set> <permission class="invalid.class.name"/> </minimum-set> <maximum-set> </maximum-set> </deployment-permissions> </subsystem>

Start EAP

Observe the startup errors
Show
Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission. <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> <deployment-permissions> <minimum-set> <permission class="invalid.class.name"/> </minimum-set> <maximum-set> </maximum-set> </deployment-permissions> </subsystem> Start EAP Observe the startup errors
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

If the security manager contains an invalid class or other data in the minimum-set it throws a NullPointerException instead of a useful error message.

ERROR [management-operation] WFLYCTL0013 : Operation ("add") failed - address ([("subsystem" => "security-manager")]): java.lang.NullPointerException 
 at java.security.Permissions.getPermissionCollection(Permissions.java:240) 
 at java.security.Permissions.implies(Permissions.java:179) at org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75) at org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
...

The same thing happens with other missing data.

Works:

<permission class="java.io.FilePermission" name="/foo" actions="read"/>

Fail with NullPointerException:

<permission class="invalid.class.name" name="/foo" actions="read"/>

<permission class="java.io.FilePermission" name="/foo"/>

<permission class="java.io.FilePermission" actions="read"/>

The NullPointerException does not occur if maximum-set is absent, or contains java.security.AllPermission

clones

WFCORE-5243 NullPointerException when invalid <permission> classes specified

Closed

is cloned by

JBEAP-20798 [GSS](7.3.z) WFCORE-5243 - NullPointerException when invalid <permission> classes specified

Closed

is incorporated by

JBEAP-21978 (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001

Closed

relates to

JBEAP-16526 [GSS](7.2.z) WFCORE-4374 - security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does

Closed

Assignee:: Ricardo Martin Camarero

Reporter:: Dennis Reed

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2021/01/11 4:04 PM

Updated:: 2024/08/27 1:49 PM

Resolved:: 2021/07/22 7:54 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates