Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-416

Change in permissions is not visible until server reload

    XMLWordPrintable

Details

    • Hide
      # store the test application system-property.war into /tmp folder
      
      # run server with security manager
      ./standalone.sh -secmgr
      
      # deploy the test application
      ./jboss-cli.sh -c "deploy /tmp/system-property.war"
      
      # open http://localhost:8080/system-property/ and check if there is a AccessControlException stack trace
      # it's expected state, because the app has no permissions.xml
      
      # add AllPermission to deployment permissions minimum-set
      ./jboss-cli.sh -c << EOT
      /subsystem=security-manager/deployment-permissions=default/minimum-set=default:add
      /subsystem=security-manager/deployment-permissions=default/minimum-set=default/permission=test:add(class=java.security.AllPermission)
      EOT
      
      # from the server response you can see the server reload is not required
      
      # open http://localhost:8080/system-property/ and check if you see the JRE path in the response - expected behavior
      # Instead of the expected state the AccessControlException is still present => BUG!
      
      # reload server
      ./jboss-cli.sh -c reload
      
      # open http://localhost:8080/system-property/ and check if you see the JRE path in the response - Yes! it works now.
      
      Show
      # store the test application system-property.war into /tmp folder # run server with security manager ./standalone.sh -secmgr # deploy the test application ./jboss-cli.sh -c "deploy /tmp/system-property.war" # open http: //localhost:8080/system-property/ and check if there is a AccessControlException stack trace # it's expected state, because the app has no permissions.xml # add AllPermission to deployment permissions minimum-set ./jboss-cli.sh -c << EOT /subsystem=security-manager/deployment-permissions= default /minimum-set= default :add /subsystem=security-manager/deployment-permissions= default /minimum-set= default /permission=test:add(class=java.security.AllPermission) EOT # from the server response you can see the server reload is not required # open http: //localhost:8080/system-property/ and check if you see the JRE path in the response - expected behavior # Instead of the expected state the AccessControlException is still present => BUG! # reload server ./jboss-cli.sh -c reload # open http: //localhost:8080/system-property/ and check if you see the JRE path in the response - Yes! it works now.

    Description

      When adding permissions in the security-manager subsystem, the changes are not used until server reload. But the CLI operation doesn't require reload.

      Attachments

        Issue Links

          Activity

            People

              josef.cacek@gmail.com Josef Cacek (Inactive)
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: