Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9940

Tests using ResteasyJackson2Provider are failing with security manager

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.2.0.CD14
    • 7.1.0.DR15
    • REST
    • Hide
      git clone https://github.com/kanovotn/Resteasy.git; cd Resteasy; git checkout securityManager
      mvn clean install -DskipTests
      cd testsuite
      mvn clean verify -Dserver.home=EAP_HOME -Dversion.resteasy.testsuite=3.0.21.Final -fn -Dtest=JsonFilterWithInterceptorMultipleFiltersTest -Dmaven.test.redirectTestOutputToFile=false -Dsecurity.manager
      
      Show
      git clone https: //github.com/kanovotn/Resteasy.git; cd Resteasy; git checkout securityManager mvn clean install -DskipTests cd testsuite mvn clean verify -Dserver.home=EAP_HOME -Dversion.resteasy.testsuite=3.0.21.Final -fn -Dtest=JsonFilterWithInterceptorMultipleFiltersTest -Dmaven.test.redirectTestOutputToFile= false -Dsecurity.manager

      Description:
      Tests for filtering Json fields fail with RuntimePermission check in EAP when it is running with security manager turned on.

      The affected tests from resteasy testsuite are:
      JsonFilterSuperClassTest
      JsonFilterWithSerlvetFilterTest
      JsonFilterWithServletConditionalFilterTest
      JsonFilterWithServletMultipleFiltersTest
      JsonFilterWithInterceptorConditionalFilterTest
      JsonFilterWithInterceptorMultipleFiltersTest
      JsonFilterWithInterceptrTest
      AsynchContextualDataTest

      Stacktrace:

      10:58:55,744 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /JsonFilterWithInterceptorMultipleFiltersTest/person/333: org.jboss.resteasy.spi.UnhandledException: RESTEASY003770: Response is committed, can't handle exception
      	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:174)
      	at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:478)
      	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:422)
      	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
      	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
      	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
      	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessDeclaredMembers")" in code source "(vfs:/content/JsonFilterWithInterceptorMultipleFiltersTest.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.JsonFilterWithInterceptorMultipleFiltersTest.war" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
      	at java.lang.Class.checkMemberAccess(Class.java:2348)
      	at java.lang.Class.getDeclaredMethods(Class.java:1974)
      	at com.fasterxml.jackson.databind.util.ClassUtil.getDeclaredMethods(ClassUtil.java:944)
      	at com.fasterxml.jackson.databind.introspect.AnnotatedClass._findClassMethods(AnnotatedClass.java:1178)
      	at com.fasterxml.jackson.databind.introspect.AnnotatedClass._addMemberMethods(AnnotatedClass.java:723)
      	at com.fasterxml.jackson.databind.introspect.AnnotatedClass.resolveMemberMethods(AnnotatedClass.java:534)
      	at com.fasterxml.jackson.databind.introspect.AnnotatedClass.memberMethods(AnnotatedClass.java:322)
      	at com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector.findObjectIdInfo(JaxbAnnotationIntrospector.java:302)
      	at com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair.findObjectIdInfo(AnnotationIntrospectorPair.java:412)
      	at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getObjectIdInfo(POJOPropertiesCollector.java:248)
      	at com.fasterxml.jackson.databind.introspect.BasicBeanDescription.<init>(BasicBeanDescription.java:111)
      	at com.fasterxml.jackson.databind.introspect.BasicBeanDescription.forSerialization(BasicBeanDescription.java:127)
      	at com.fasterxml.jackson.databind.introspect.BasicClassIntrospector.forSerialization(BasicClassIntrospector.java:91)
      	at com.fasterxml.jackson.databind.introspect.BasicClassIntrospector.forSerialization(BasicClassIntrospector.java:16)
      	at com.fasterxml.jackson.databind.SerializationConfig.introspect(SerializationConfig.java:1000)
      	at com.fasterxml.jackson.databind.ser.BeanSerializerFactory.createSerializer(BeanSerializerFactory.java:138)
      	at com.fasterxml.jackson.databind.SerializerProvider._createUntypedSerializer(SerializerProvider.java:1308)
      	at com.fasterxml.jackson.databind.SerializerProvider._createAndCacheUntypedSerializer(SerializerProvider.java:1258)
      	at com.fasterxml.jackson.databind.SerializerProvider.findValueSerializer(SerializerProvider.java:500)
      	at com.fasterxml.jackson.databind.SerializerProvider.findTypedValueSerializer(SerializerProvider.java:698)
      	at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:270)
      	at com.fasterxml.jackson.databind.ObjectWriter$Prefetch.serialize(ObjectWriter.java:1429)
      	at com.fasterxml.jackson.databind.ObjectWriter.writeValue(ObjectWriter.java:951)
      	at org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.writeTo(ResteasyJackson2Provider.java:218)
      	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.writeTo(AbstractWriterInterceptorContext.java:137)
      	at org.jboss.resteasy.core.interception.ServerWriterInterceptorContext.writeTo(ServerWriterInterceptorContext.java:61)
      	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:124)
      	at org.jboss.resteasy.test.providers.jackson2.jsonfilter.resource.JsonFilterModifierMultipleWriteInterceptor.aroundWriteTo(JsonFilterModifierMultipleWriteInterceptor.java:19)
      	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:129)
      	at org.jboss.resteasy.security.doseta.DigitalSigningInterceptor.aroundWriteTo(DigitalSigningInterceptor.java:146)
      	at org.jboss.resteasy.core.interception.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:129)
      	at org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:132)
      	at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:473)
      	... 46 more
      

            rhn-support-iweiss Ingo Weiss
            kanovotn Katerina Odabasi
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: