Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-2770

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

    XMLWordPrintable

Details

    Description

      Running NestedRemoteContextTestCase (from WildFly/EAP testsuite/integration/basic) with security manager, like

      ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
new FilePermission("/home/okotek/git/jboss-eap7/dist/target/wildfly-7.0.0.ER4-redhat-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
new RemotingPermission("createEndpoint"),
new RuntimePermission("createXnioWorker"),
new RemotingPermission("addConnectionProvider"),
new RuntimePermission("modifyThread"),
new RuntimePermission("accessDeclaredMembers"),
new ReflectPermission("suppressAccessChecks")

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

      Customer impact: customer could be unable to set required permissions for application (using Remoting) deployed on EAP with security manager enabled.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-821 "XNIO001001: No XNIO provider found" by some tests in main TS with security manager

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Verified

          Tracker - Issue tracking a bug fix or improvement in another component JBEAP-971 Fix issues in tests with Security Manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          clones

          Bug - A problem that impairs or prevents the functions of the product. WFLY-8289 FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          duplicates

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-4075 URLBindingTestCase misses RemotingPermission and fails when run with security manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-9238 Upgrade to WildFly Naming Client 1.0.0.Beta12

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is caused by

          Bug - A problem that impairs or prevents the functions of the product. WFNC-23 WildFlyRootContext needs to initiate Service Loaders within privileged blocks

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              istudens@redhat.com Ivo Studensky
              okotek@redhat.com Ondrej Kotek
              Jan Tymel Jan Tymel (Inactive)
              Jan Tymel Jan Tymel (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: