-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
7.3.0.GA, 7.4.0.Beta
-
None
-
False
-
False
-
-
-
-
-
-
Undefined
-
Relative paths in permissions.xml doesn't work on JDK11.
This is not a regression against EAP 7.3.0GA.
JmxControlledStateNotificationsTestCase in domain module fails because of this on JDK11, same test in standalone/manualmode modules are passing because workarounds added by WFCORE-4252.
Steps to reproduce:
- Prepare deployment with permissions.xml file:
<?xml version="1.0" encoding="UTF-8"?> <permissions version="7" xmlns="http://xmlns.jcp.org/xml/ns/javaee"> <permission xmlns=""> <class-name>java.io.FilePermission</class-name> <name>test.txt</name> <actions>read, write</actions> </permission> </permissions>
- and end-point
@GET @Path("test") public String test1() throws Exception { if (!Files.exists(targetFile)) { Files.createDirectories(targetFile); } return "ok\n"; }
- Start server with enabled secmgr: ./standalone.sh -secmgr
- Allow basic permissions:
/subsystem=security-manager/deployment-permissions=default:write-attribute(name=minimum-permissions, value=[{class="java.util.PropertyPermission", actions="read", name="*"}]) reload
- Deploy the deployment
- Make http request for the end-point
- JDK8: ok
- JDK11:
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/eap/old/7.3.0/jboss-eap-7.3/bin/test.txt" "read")" in code source "(vfs:/content/custom-application.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.custom-application.war" from Service Module Loader")