Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
The JAXWS SPI Provider uses ServiceLoader to look for user specified provider implementations. When invoking load method on the ServiceLoader, read permission on the relevant jar is required.
stacktrace:
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/studensky/work/git/jboss-eap-myfork5/dist/target/wildfly-10.0.0.Final-SNAPSHOT/modules/system/layers/base/org/jboss/ws/cxf/jbossws-cxf-factories/main/jbossws-cxf-factories-5.1.2.Final.jar" "read")" in code source "(vfs:/content/ws-serviceref-example.jar <no signer certificates>)" of "null") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377) at java.util.zip.ZipFile.<init>(ZipFile.java:210) at java.util.zip.ZipFile.<init>(ZipFile.java:149) at java.util.jar.JarFile.<init>(JarFile.java:166) at java.util.jar.JarFile.<init>(JarFile.java:103) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) at java.net.URL.openStream(URL.java:1045) at java.util.ServiceLoader.parse(ServiceLoader.java:304) at java.util.ServiceLoader.access$200(ServiceLoader.java:185) at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357) at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323) at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396) at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395) at java.security.AccessController.doPrivileged(Native Method) at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398) at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474) at javax.xml.ws.spi.Provider$1.run(Provider.java:154) at javax.xml.ws.spi.Provider$1.run(Provider.java:152) at java.security.AccessController.doPrivileged(Native Method) at javax.xml.ws.spi.Provider.getProviderUsingServiceLoader(Provider.java:152) at javax.xml.ws.spi.Provider.provider(Provider.java:108) ... 102 more
Note: java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398) calls doPrivileged block with an AccessControlContext cached from the load method invocation.