Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.4.20.GA, 7.4.20.CR1
Affects Version/s: 7.4.18.GA
Component/s: EJB
Labels:
- regression_test_only

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Release Notes
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
-
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/wildfly/jboss-ejb-client/pull/737
Steps to Reproduce:

Hide

Test coverage: No test coverage provided because it is hard to reproduce issue. It seems that customers are package the applications in their specific way, not sure what it is, but triggered this case.
On the other hand, the fix is just moving the static class initial block to a doPrivileged block, which shouldn't cause any problem or security concerns
*Planned testing: *Full regression testing for ejb

Show
Test coverage: No test coverage provided because it is hard to reproduce issue. It seems that customers are package the applications in their specific way, not sure what it is, but triggered this case. On the other hand, the fix is just moving the static class initial block to a doPrivileged block, which shouldn't cause any problem or security concerns *Planned testing: *Full regression testing for ejb
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

org.jboss.ejb.client.legacy.JBossEJBProperties makes a call during class initialization that requires security permissions, without use of an appropriate privileged block.

It is invalid for a class to do anything during class initialization that depends on the context it's called from, as it is undefined when and where that can occur.

The call to ContextManager.setGlobalDefaultSupplier needs to be wrapped in a privileged block.

java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.common.context.ContextPermission" "org.jboss.ejb.client.legacy-properties" "setGlobalDefaultSupplier")" in code source "(vfs:/content/app.ear/app.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.app.ear.app.jar" from Service Module Loader")
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
    at org.wildfly.common.context.ContextManager.setGlobalDefaultSupplier(ContextManager.java:93)
    at org.jboss.ejb.client.legacy.JBossEJBProperties.<clinit>(JBossEJBProperties.java:123)

clones

JBEAP-28148 [GSS](8.0.z) EJBCLIENT-539 - JBossEJBProperties failing to set appropriate security context

Resolved

is incorporated by

JBEAP-28238 (7.4.z) Upgrade ejb-client from 4.0.55.Final-redhat-00001 to 4.0.56.Final-redhat-00001

Resolved

relates to

EJBCLIENT-539 JBossEJBProperties failing to set appropriate security context

Resolved

Assignee:: Chao Wang

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/10/03 8:51 PM

Updated:: 2024/11/01 6:15 AM

Resolved:: 2024/10/16 2:22 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates