Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-2770

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

    Details

      Description

      Running NestedRemoteContextTestCase (from WildFly/EAP testsuite/integration/basic) with security manager, like

      ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager
      

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found
      

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
      new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
      new RemotingPermission("createEndpoint"),
      new RuntimePermission("createXnioWorker"),
      new RemotingPermission("addConnectionProvider"),
      new RuntimePermission("modifyThread"),
      new RuntimePermission("accessDeclaredMembers"),
      new ReflectPermission("suppressAccessChecks")
      

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

      Customer impact: customer could be unable to set required permissions for application (using Remoting) deployed on EAP with security manager enabled.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  istudens Ivo Studensky
                  Reporter:
                  okotek Ondrej Kotek
                  Tester:
                  Jan Tymel
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: