Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21504

Relative paths in permissions.xml doesn't work on JDK11

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 7.3.0.GA, 7.4.0.Beta
    • Security, Security Manager
    • None
    • False
    • False
    • Undefined

      Relative paths in permissions.xml doesn't work on JDK11.

      This is not a regression against EAP 7.3.0GA.

      JmxControlledStateNotificationsTestCase in domain module fails because of this on JDK11, same test in standalone/manualmode modules are passing because workarounds added by WFCORE-4252.

      Steps to reproduce:

      • Prepare deployment with permissions.xml file:
        <?xml version="1.0" encoding="UTF-8"?>
        <permissions version="7" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
            <permission xmlns="">
                <class-name>java.io.FilePermission</class-name>
                <name>test.txt</name>
                <actions>read, write</actions>
            </permission>
        </permissions>
        
      • and end-point
            @GET
            @Path("test")
            public String test1() throws Exception {
                if (!Files.exists(targetFile)) {
                    Files.createDirectories(targetFile);
                }
                return "ok\n";
            }
        
      • Start server with enabled secmgr: ./standalone.sh -secmgr
      • Allow basic permissions:
        /subsystem=security-manager/deployment-permissions=default:write-attribute(name=minimum-permissions, value=[{class="java.util.PropertyPermission", actions="read", name="*"}])
        reload
        
      • Deploy the deployment
      • Make http request for the end-point
        • JDK8: ok
        • JDK11:
          Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/eap/old/7.3.0/jboss-eap-7.3/bin/test.txt" "read")" in code source "(vfs:/content/custom-application.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.custom-application.war" from Service Module Loader")
          

              Unassigned Unassigned
              mkopecky@redhat.com Marek Kopecky
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: