Uploaded image for project: 'Modular Service Container'
  1. Modular Service Container
  2. MSC-151

getClassLoader() should be called within doPrivileged() at SeviceControllerImpl#invokeListener

    XMLWordPrintable

Details

    Description

      ServiceControllerImpl#invokeListener calls listener.getClass().getClassLoader() without doPrivileged. This leads to a security permission exception when a deployment tries to rebind a jndi item, see the following stacktrace:

      Caused by: javax.naming.NamingException: Failed to bind [Test2] at location [service jboss.naming.context.java.jboss.exported.some.entry] [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test.jar <no signer certificates>)" of "null")]
      	at org.jboss.as.naming.util.NamingUtils.namingException(NamingUtils.java:150)
      	at org.jboss.as.naming.WritableServiceBasedNamingStore.bind(WritableServiceBasedNamingStore.java:104)
      	at org.jboss.as.naming.WritableServiceBasedNamingStore.rebind(WritableServiceBasedNamingStore.java:114)
      	at org.jboss.as.naming.NamingContext.rebind(NamingContext.java:301)
      	at org.jboss.as.naming.InitialContext$DefaultInitialContext.rebind(InitialContext.java:273)
      	at org.jboss.as.naming.NamingContext.rebind(NamingContext.java:309)
      	at javax.naming.InitialContext.rebind(InitialContext.java:433)
      	at javax.naming.InitialContext.rebind(InitialContext.java:433)
      	at org.jboss.as.test.integration.naming.remote.ejb.Singleton.rebind(Singleton.java:55)
      	... 72 more
      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test.jar <no signer certificates>)" of "null")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
      	at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1525)
      	at java.lang.Class.getClassLoader(Class.java:683)
      	at org.jboss.msc.service.ServiceControllerImpl.invokeListener(ServiceControllerImpl.java:1529)
      	at org.jboss.msc.service.ServiceControllerImpl.access$2800(ServiceControllerImpl.java:51)
      	at org.jboss.msc.service.ServiceControllerImpl$ListenerTask.run(ServiceControllerImpl.java:2099)
      	at org.jboss.msc.service.ServiceControllerImpl.commitInstallation(ServiceControllerImpl.java:265)
      	at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:771)
      	at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:223)
      	at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2401)
      	at org.jboss.msc.service.ServiceBuilderImpl.install(ServiceBuilderImpl.java:317)
      	at org.jboss.as.naming.WritableServiceBasedNamingStore.bind(WritableServiceBasedNamingStore.java:86)
      	... 79 more
      

      Attachments

        Issue Links

          Activity

            People

              istudens@redhat.com Ivo Studensky
              istudens@redhat.com Ivo Studensky
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: