Bug
Resolution: Done
Major
7.0.0.ER1
None
Workaround Exists

Since JDK version 7u25, the org.omg.CORBA_2_3.portable.Output/InputStream classes need extra permissions if the Security Manager is enabled. Because of a previous vulnerability, it now checks SerializablePermission("enableSubclassImplementation"). There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in future Java releases, according to my findings.
At the moment, our IIOP code fails (as can be seen in the IIOP tests of the WildFly testsuite) when running with SM enabled.
See the following stacktraces:
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271)
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
    at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67)
    at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84)
    at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74)
    at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273)
    at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:695)
    at com.sun.corba.se.impl.encoding.CDRInputStream.read_any(CDRInputStream.java:238)
    at org.omg.CosTransactions.PropagationContextHelper.read(PropagationContextHelper.java:88)
    at com.arjuna.ArjunaOTS._ArjunaTransactionStub.get_txcontext(_ArjunaTransactionStub.java:387)
    at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:223)
    at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245)
    at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137)
    at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449)
    at org.omg.CosTransactions._ResourceStub.commit_one_phase(_ResourceStub.java:94)
    at com.arjuna.ats.internal.jts.resources.ResourceRecord.topLevelOnePhaseCommit(ResourceRecord.java:537)
    at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2361)
    at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1495)
    - locked <0x360a> (a com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple)
    at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:375)
    at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244)
    at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247)
    at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276)
    at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313)
    at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130)
    at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89)
    at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178)
    at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65)

    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271)
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
    at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67)
    at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84)
    at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74)
    at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273)
    at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2018)
    at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2054)
    at com.sun.corba.se.impl.corba.AnyImpl.write_value(AnyImpl.java:610)
    at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encodeImpl(CDREncapsCodec.java:173)
    at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encode_value(CDREncapsCodec.java:119)
    at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:280)
    at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245)
    at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137)
    at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449)
    at com.arjuna.ArjunaOTS._ArjunaTransactionStub.is_top_level_transaction(_ArjunaTransactionStub.java:193)
    at com.arjuna.ats.jts.OTSManager.destroyControl(OTSManager.java:133)
    at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.destroyAction(ArjunaTransactionImple.java:2201)
    at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:392)
    at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244)
    at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247)
    at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276)
    at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313)
    at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130)
    at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89)
    at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178)
    at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65)

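The permission check described in this report, reproduced as an added example that is not part of the original issue and is not WildFly or Narayana code. It uses java.io.ObjectOutputStream as a stand-in, because its protected no-argument constructor checks the same SerializablePermission("enableSubclassImplementation"); the class names SubclassPermissionDemo, TogglePolicy and CustomStream are hypothetical. It assumes a JDK on which a Security Manager can still be installed at run time (8 through 17 by default).

```java
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.SerializablePermission;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class SubclassPermissionDemo {
    // The permission named in the report.
    static final Permission SUBCLASS =
            new SerializablePermission("enableSubclassImplementation");

    // Constructed policy: grants every permission except SUBCLASS
    // until 'granted' is switched on, so only that one check can fail.
    static class TogglePolicy extends Policy {
        volatile boolean granted;

        @Override
        public boolean implies(ProtectionDomain domain, Permission p) {
            return granted || !SUBCLASS.equals(p);
        }
    }

    // A stream subclass that goes through the checked constructor.
    static class CustomStream extends ObjectOutputStream {
        CustomStream() throws IOException { super(); }
    }

    // Returns true if the subclass could be instantiated.
    static boolean canSubclass() throws IOException {
        try {
            new CustomStream();
            return true;
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        TogglePolicy policy = new TogglePolicy();
        Policy.setPolicy(policy);
        System.setSecurityManager(new SecurityManager());
        System.out.println("without grant: " + canSubclass());
        policy.granted = true; // equivalent to granting the permission in policy
        System.out.println("with grant:    " + canSubclass());
    }
}
```

The first call is denied because every frame on the stack between the application and the constructor must hold the permission; JDK classes hold it implicitly, application and library code only through policy.
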
- blocks: JBEAP-971 Fix issues in tests with Security Manager (Closed)
- is caused by: JBTM-2577 CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force (Closed)
- is incorporated by: JBEAP-2267 Upgrade Narayana to 5.2.9.Final (Closed)
- is related to: JBEAP-1439 Tests from IIOP module fails with security manager (Closed)