-
Bug
-
Resolution: Done
-
Critical
-
8.0.0.GA
-
False
-
None
-
False
-
Release Notes
-
-
-
-
-
-
-
org.jboss.ejb.client.legacy.JBossEJBProperties makes a call during class initialization that requires security permissions, without use of an appropriate privileged block.
It is invalid for a class to do anything during class initialization that depends on the context it's called from, as it is undefined when and where that can occur.
The call to ContextManager.setGlobalDefaultSupplier needs to be wrapped in a privileged block.
java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.common.context.ContextPermission" "org.jboss.ejb.client.legacy-properties" "setGlobalDefaultSupplier")" in code source "(vfs:/content/app.ear/app.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.app.ear.app.jar" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
at org.wildfly.common.context.ContextManager.setGlobalDefaultSupplier(ContextManager.java:93)
at org.jboss.ejb.client.legacy.JBossEJBProperties.<clinit>(JBossEJBProperties.java:123)
- is cloned by
-
-
- Resolved
-
- is incorporated by
-
JBEAP-27731 (8.0.z) Upgrade jboss-ejb-client from 5.0.6.Final-redhat-00001 to 5.0.8.Final-redhat-00001
-
- Resolved
-
- relates to
-
-
- Resolved
-
