Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Critical
Fix Version/s: 7.1.14.GA
Affects Version/s: 7.1.0.DR16
Component/s: Hibernate
Labels:
None

Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/4893

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When running tests that use Hibernate native API with security manager we see

Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "(vfs:/content/hibernate4native_transactiontest.ear/beans.jar <no signer certificates>)" of "null")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
	at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:335)
	at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274)
	at java.lang.ClassLoader.<init>(ClassLoader.java:316)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl$AggregatedClassLoader.<init>(ClassLoaderServiceImpl.java:164)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl$AggregatedClassLoader.<init>(ClassLoaderServiceImpl.java:160)
	at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.<init>(ClassLoaderServiceImpl.java:94)
	at org.hibernate.boot.registry.BootstrapServiceRegistryBuilder.build(BootstrapServiceRegistryBuilder.java:207)
	at org.hibernate.cfg.Configuration.<init>(Configuration.java:119)
	at org.jboss.as.test.integration.hibernate.SFSBHibernateTransaction.setupConfig(SFSBHibernateTransaction.java:63)
	... 200 more

When we add that permission then we see

Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/msimka/Projekty/redhat/git/wildfly/dist/target/wildfly-11.0.0.Beta1-SNAPSHOT/modules/system/layers/base/org/hibernate/main/hibernate-envers-5.1.5.Final.jar" "read")" in code source "(vfs:/content/hibernate4naturalid_test.ear/beans.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.hibernate4naturalid_test.ear.beans.jar" from Service Module Loader")
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
        at java.util.zip.ZipFile.<init>(ZipFile.java:210)
        at java.util.zip.ZipFile.<init>(ZipFile.java:149)
        at java.util.jar.JarFile.<init>(JarFile.java:166)
        at java.util.jar.JarFile.<init>(JarFile.java:103)
        at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
        at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
        at java.net.URL.openStream(URL.java:1045)
        at java.util.ServiceLoader.parse(ServiceLoader.java:304)
        at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
        at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
        at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
        at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
        at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.loadJavaServices(ClassLoaderServiceImpl.java:340)
        at org.hibernate.integrator.internal.IntegratorServiceImpl.<init>(IntegratorServiceImpl.java:40)
        at org.hibernate.boot.registry.BootstrapServiceRegistryBuilder.build(BootstrapServiceRegistryBuilder.java:213)
        at org.jboss.as.test.integration.hibernate.naturalid.SFSBHibernateSFNaturalId.setupConfig(SFSBHibernateSFNaturalId.java:57)
        ... 208 more

Based on comment we should check whether Hibernate can do this in privileged block.

clones

JBEAP-10612 (7.1.z) HHH-10435 HHH-12542 HHH-12189 Hibernate requires special permission for creating classloader and loading integrators

Closed

is documented by

JBEAP-15369 (7.1.x) Security Manager is not supported when Hibernate is bootstrapped by an application

Closed

is related to

JBEAP-12017 HibernateNativeAPINaturalIdTestCase fails with security manager

Resolved

JBEAP-971 Fix issues in tests with Security Manager

Closed

relates to

JBEAP-3367 "java.lang.RuntimePermission" by some tests running with security manager

Closed

is blocked by: HHH-10435 Loading...; HHH-12189 Loading...; HHH-12542 Loading...

(3 is blocked by)

Assignee:: Giorgos Samios

Reporter:: Giorgos Samios

Tester:: Jiří Bílek (Inactive)

QA Contact:: Jiří Bílek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2026/01/23 11:35 AM

Updated:: 2026/01/23 11:43 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates