Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-2770

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager


      Running NestedRemoteContextTestCase (from WildFly/EAP testsuite/integration/basic) with security manager, like

      ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
      new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
      new RemotingPermission("createEndpoint"),
      new RuntimePermission("createXnioWorker"),
      new RemotingPermission("addConnectionProvider"),
      new RuntimePermission("modifyThread"),
      new RuntimePermission("accessDeclaredMembers"),
      new ReflectPermission("suppressAccessChecks")

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

      Customer impact: customer could be unable to set required permissions for application (using Remoting) deployed on EAP with security manager enabled.

            istudens@redhat.com Ivo Studensky
            okotek@redhat.com Ondrej Kotek
            Jan Tymel Jan Tymel (Inactive)
            Jan Tymel Jan Tymel (Inactive)
            0 Vote for this issue
            5 Start watching this issue