JBoss Logging / JBLOGGING-190

Deprecated getBundle and getMessageLogger methods will throw a SecurityException if the security manager is enabled


    • Bug
    • Resolution: Done
    • Critical
    • 3.6.1.Final
    • 3.6.0.Final

      In some cases, when the deprecated Messages.getBundle() or Logger.getMessageBundle() methods are used with the security manager enabled, a SecurityException might be thrown. This is specifically true for applications running inside JBoss Modules.

      Example Logger Exception
      13:43:05,167 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (Thread-107) RESTEASY002020: Unhandled asynchronous exception, sending back 500: java.lang.ExceptionInInitializerError
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.getThrowableExceptionMapper(ResteasyProviderFactoryImpl.java:1661)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:353)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:205)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.asynchronousExceptionDelivery(SynchronousDispatcher.java:504)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.AbstractAsynchronousResponse.internalResume(AbstractAsynchronousResponse.java:208)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.AbstractAsynchronousResponse.internalResume(AbstractAsynchronousResponse.java:191)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.Servlet3AsyncHttpRequest$Servlet3ExecutionContext$Servlet3AsynchronousResponse.resume(Servlet3AsyncHttpRequest.java:90)
      	at deployment.jaxrsnoap.war//org.jboss.as.test.integration.jaxrs.async.AsyncResource$1.run(AsyncResource.java:31)
      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/jaxrsnoap.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jaxrsnoap.war" from Service Module Loader")
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.checkSecurityManager(MethodHandles.java:3870)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.accessClass(MethodHandles.java:3015)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.findClass(MethodHandles.java:2870)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Logger.doGetMessageLogger(Logger.java:2625)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Logger.getMessageLogger(Logger.java:2582)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Logger.getMessageLogger(Logger.java:2549)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.providerfactory.DefaultExceptionMapper.<clinit>(DefaultExceptionMapper.java:40)
      	... 8 more
      
      Example Bundle Exception
      13:42:14,459 ERROR [io.undertow.servlet.request] (default task-1) UT015021: Failure dispatching async event: java.lang.NoClassDefFoundError: Could not initialize class org.jboss.resteasy.resteasy_jaxrs.i18n.Messages
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.Servlet3AsyncHttpRequest$Servlet3ExecutionContext$Servlet3AsynchronousResponse.onComplete(Servlet3AsyncHttpRequest.java:258)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.AsyncContextImpl$7.run(AsyncContextImpl.java:600)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.ServletContextImpl.invokeRunnable(ServletContextImpl.java:1089)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.AsyncContextImpl.onAsyncComplete(AsyncContextImpl.java:590)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.AsyncContextImpl.onAsyncCompleteAndRespond(AsyncContextImpl.java:564)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.AsyncContextImpl.completeInternal(AsyncContextImpl.java:270)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.spec.AsyncContextImpl.handleCompletedBeforeInitialRequestDone(AsyncContextImpl.java:445)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:279)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1421)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:107)
      	at java.base/java.security.AccessController.doPrivileged(AccessController.java:571)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:395)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
      	at org.jboss.xnio@3.8.16.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
      	at java.base/java.lang.Thread.run(Thread.java:1583)
      Caused by: java.lang.ExceptionInInitializerError: Exception java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/jaxrsnoap.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jaxrsnoap.war" from Service Module Loader") [in thread "default task-1"]
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.checkSecurityManager(MethodHandles.java:3870)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.accessClass(MethodHandles.java:3015)
      	at java.base/java.lang.invoke.MethodHandles$Lookup.findClass(MethodHandles.java:2870)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Messages.doGetBundle(Messages.java:146)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Messages.getBundle(Messages.java:82)
      	at org.jboss.logging@3.6.1.Final-SNAPSHOT//org.jboss.logging.Messages.getBundle(Messages.java:50)
      	at org.jboss.resteasy.resteasy-core-spi@6.2.10.Final//org.jboss.resteasy.resteasy_jaxrs.i18n.Messages.<clinit>(Messages.java:35)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.Servlet3AsyncHttpRequest$Servlet3ExecutionContext$Servlet3AsynchronousResponse.setTimeout(Servlet3AsyncHttpRequest.java:163)
      	at deployment.jaxrsnoap.war//org.jboss.as.test.integration.jaxrs.async.AsyncResource.getBasic(AsyncResource.java:25)
      	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
      	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:70)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:222)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
      	at org.jboss.resteasy.resteasy-core@6.2.10.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
      	at jakarta.servlet.api@6.0.0//jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.security.elytron-web.undertow-server@4.1.0.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
      	at org.wildfly.security.elytron-base@2.5.2.Final//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
      	at org.wildfly.security.elytron-web.undertow-server@4.1.0.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.core@2.3.17.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.core@2.3.17.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at org.wildfly.security.elytron-web.undertow-server-servlet@4.1.0.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:44)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow@34.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:51)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
      	at io.undertow.core@2.3.17.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet@2.3.17.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
      	... 20 more
      

      The introduction of hasFullPrivilegeAccess() causes this to fail in Java 14+. Note the and MODULE access. In the JPMS world org.jboss.logging would be one unnamed module and org.jboss.resteasy would be a different unnamed module. In the JPMS world, AFAIK, org.jboss.logging is not a dependency of org.jboss.resteasy. In the JBoss Modules world they are though. This causes hasFullPrivilegeAccess() to return false, and the getClassLoader permission is checked.
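
Added example, not taken from the issue or from JBoss Logging: one way a MethodHandles.Lookup ends up without full privilege access on Java 14+, where hasFullPrivilegeAccess() is true only if the lookup has both PRIVATE and MODULE access. It assumes the lookup is derived with MethodHandles.privateLookupIn across two class loaders (two unnamed modules, as under JBoss Modules); how JBoss Logging builds its lookup is not shown on this page, and the names LookupPrivilegeDemo, Target and IsolatingLoader are hypothetical.

```java
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;

// Added illustration for Java 14+; compile with javac, then run. Not JBoss Logging code.
public class LookupPrivilegeDemo {

    // Hypothetical stand-in for a message interface that lives in another module.
    public interface Target { }

    // Defines a second copy of a class in its own loader, so the copy belongs to a
    // different unnamed module, the way each JBoss Modules class loader has its own.
    static final class IsolatingLoader extends ClassLoader {
        IsolatingLoader() {
            super(LookupPrivilegeDemo.class.getClassLoader());
        }

        Class<?> defineCopy(Class<?> original) throws Exception {
            String resource = original.getName().replace('.', '/') + ".class";
            try (InputStream in = original.getClassLoader().getResourceAsStream(resource)) {
                if (in == null) {
                    throw new IllegalStateException("class file not found: " + resource);
                }
                byte[] bytes = in.readAllBytes();
                return defineClass(original.getName(), bytes, 0, bytes.length);
            }
        }
    }

    static String describe(String label, Lookup lookup) {
        int modes = lookup.lookupModes();
        return String.format("%-18s PRIVATE=%-5b MODULE=%-5b hasFullPrivilegeAccess=%b",
                label, (modes & Lookup.PRIVATE) != 0, (modes & Lookup.MODULE) != 0,
                lookup.hasFullPrivilegeAccess());
    }

    public static void main(String[] args) throws Exception {
        Lookup caller = MethodHandles.lookup();

        // Caller and target share a module: PRIVATE and MODULE are both kept.
        Lookup sameModule = MethodHandles.privateLookupIn(Target.class, caller);

        // Target sits in another unnamed module: MODULE access is dropped, so the
        // lookup no longer has full privilege access.
        Class<?> foreignTarget = new IsolatingLoader().defineCopy(Target.class);
        Lookup crossModule = MethodHandles.privateLookupIn(foreignTarget, caller);

        System.out.println(describe("same module", sameModule));
        System.out.println(describe("different module", crossModule));
        // With a security manager installed, findClass() on the second lookup also
        // checks RuntimePermission("getClassLoader") against the code on the stack.
    }
}
```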

              jperkins-rhn James Perkins