-
Bug
-
Resolution: Done
-
Blocker
-
8.0.0.Beta
-
None
-
False
-
None
-
False
-
-
-
-
-
-
Known Issue
-
Workaround Exists
-
The jakarta.activation.api module cannot load the Angus Activation implementation if the security manager is enabled. An example stack trace is:
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/Users/yborgess/.m2/repository/org/eclipse/angus/angus-mail/1.0.0/angus-mail-1.0.0.jar" "read")" in code source "(vfs:/content/jakarta-mail-tester-1.0-SNAPSHOT.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jakarta-mail-tester-1.0-SNAPSHOT.war" from Service Module Loader") at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:374) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:237) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177) at java.base/java.util.jar.JarFile.<init>(JarFile.java:350) at java.base/sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:103) at java.base/sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:72) at java.base/sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99) at java.base/sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:125) at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:155) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.parse(ServiceLoader.java:1165) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1206) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1221) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator$1.run(ServiceLoader.java:1268) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator$1.run(ServiceLoader.java:1267) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1270) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1300) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1385) at jakarta.mail.api@2.1.0//jakarta.mail.util.FactoryFinder.factoryFromServiceLoader(FactoryFinder.java:130) ... 52 more
In addition to the above and depending on how the API is used, it can also require accessDeclaredMembers as additional permission which was not required before Jakarta EE 10. The following is an example of the trace requiring such a permission:
17:54:49,284 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jakarta-mail-tester-1.0-SNAPSHOT/mail: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessDeclaredMembers")" in code source "(vfs:/content/jakarta-mail-tester-1.0-SNAPSHOT.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jakarta-mail-tester-1.0-SNAPSHOT.war" from Service Module Loader") at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201) at java.base/java.lang.Class.checkMemberAccess(Class.java:2847) at java.base/java.lang.Class.getDeclaredConstructor(Class.java:2549) at jakarta.activation.api@2.1.2-SNAPSHOT-jbossorg-1//jakarta.activation.MailcapCommandMap.getDataContentHandler(MailcapCommandMap.java:620) at jakarta.activation.api@2.1.2-SNAPSHOT-jbossorg-1//jakarta.activation.MailcapCommandMap.createDataContentHandler(MailcapCommandMap.java:573) at jakarta.activation.api@2.1.2-SNAPSHOT-jbossorg-1//jakarta.activation.DataHandler.getDataContentHandler(DataHandler.java:591) at jakarta.activation.api@2.1.2-SNAPSHOT-jbossorg-1//jakarta.activation.DataHandler.writeTo(DataHandler.java:290) at jakarta.mail.api@2.1.1.jbossorg-1//jakarta.mail.internet.MimeUtility.getEncoding(MimeUtility.java:316) at jakarta.mail.api@2.1.1.jbossorg-1//jakarta.mail.internet.MimeBodyPart.updateHeaders(MimeBodyPart.java:1580) at jakarta.mail.api@2.1.1.jbossorg-1//jakarta.mail.internet.MimeMessage.updateHeaders(MimeMessage.java:2265) at jakarta.mail.api@2.1.1.jbossorg-1//jakarta.mail.internet.MimeMessage.saveChanges(MimeMessage.java:2225) at jakarta.mail.api@2.1.1.jbossorg-1//jakarta.mail.Transport.send(Transport.java:99) at deployment.jakarta-mail-tester-1.0-SNAPSHOT.war//wildfly.demo.MailServlet.doGet(MailServlet.java:44) at jakarta.servlet.api@6.0.0//jakarta.servlet.http.HttpServlet.service(HttpServlet.java:527) at jakarta.servlet.api@6.0.0//jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161) at org.wildfly.security.elytron-base@2.0.0.Beta2//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73) at org.wildfly.security.elytron-web.undertow-server@3.0.0.Beta1//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.core@2.3.0.Alpha2//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.core@2.3.0.Alpha2//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at org.wildfly.security.elytron-web.undertow-server-servlet@3.0.0.Beta1//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at org.wildfly.extension.undertow@8.0.0.Beta-redhat-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:106) at java.base/java.security.AccessController.doPrivileged(Native Method) at io.undertow.servlet@2.3.0.Alpha2//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:103) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387) at io.undertow.core@2.3.0.Alpha2//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348) at org.jboss.xnio@3.8.7.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282) at java.base/java.lang.Thread.run(Thread.java:829)
- is related to
-
WFLY-17116 Upgrade Jakarta Activation to 2.1.1.jbossorg-1
-
- Closed
-