Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.1.7.Final, 1.2.7.Final, 1.3.0.Beta1
Affects Version/s: 1.1.6.Final, 1.2.6.Final
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/jboss-msc/jboss-msc/pull/35, https://github.com/jboss-msc/jboss-msc/pull/36
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1414557

Description

ServiceControllerImpl#invokeListener calls listener.getClass().getClassLoader() without doPrivileged. This leads to a security permission exception when a deployment tries to rebind a jndi item, see the following stacktrace:

Caused by: javax.naming.NamingException: Failed to bind [Test2] at location [service jboss.naming.context.java.jboss.exported.some.entry] [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test.jar <no signer certificates>)" of "null")]
	at org.jboss.as.naming.util.NamingUtils.namingException(NamingUtils.java:150)
	at org.jboss.as.naming.WritableServiceBasedNamingStore.bind(WritableServiceBasedNamingStore.java:104)
	at org.jboss.as.naming.WritableServiceBasedNamingStore.rebind(WritableServiceBasedNamingStore.java:114)
	at org.jboss.as.naming.NamingContext.rebind(NamingContext.java:301)
	at org.jboss.as.naming.InitialContext$DefaultInitialContext.rebind(InitialContext.java:273)
	at org.jboss.as.naming.NamingContext.rebind(NamingContext.java:309)
	at javax.naming.InitialContext.rebind(InitialContext.java:433)
	at javax.naming.InitialContext.rebind(InitialContext.java:433)
	at org.jboss.as.test.integration.naming.remote.ejb.Singleton.rebind(Singleton.java:55)
	... 72 more
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/test.jar <no signer certificates>)" of "null")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1525)
	at java.lang.Class.getClassLoader(Class.java:683)
	at org.jboss.msc.service.ServiceControllerImpl.invokeListener(ServiceControllerImpl.java:1529)
	at org.jboss.msc.service.ServiceControllerImpl.access$2800(ServiceControllerImpl.java:51)
	at org.jboss.msc.service.ServiceControllerImpl$ListenerTask.run(ServiceControllerImpl.java:2099)
	at org.jboss.msc.service.ServiceControllerImpl.commitInstallation(ServiceControllerImpl.java:265)
	at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:771)
	at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:223)
	at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2401)
	at org.jboss.msc.service.ServiceBuilderImpl.install(ServiceBuilderImpl.java:317)
	at org.jboss.as.naming.WritableServiceBasedNamingStore.bind(WritableServiceBasedNamingStore.java:86)
	... 79 more

Attachments

Issue Links

blocks

JBEAP-4073 SharedBindingTestCase fails with security manager

Verified

is incorporated by

JBEAP-8355 (7.0.z) MSC-151 - getClassLoader() should be called within doPrivileged() at SeviceControllerImpl#invokeListener

Verified

JBEAP-8363 (7.1.0) MSC-151 - getClassLoader() should be called within doPrivileged() at SeviceControllerImpl#invokeListener

Verified

JBEAP-2240 Upgrade MSC from 1.2.6.Final-redhat-1 to 1.2.7.Final

Verified

WFCORE-1830 Upgrade MSC from 1.2.6.Final-redhat-1 to 1.2.7.Final

Resolved

Activity

People

Assignee:: Ivo Studensky

Reporter:: Ivo Studensky

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2015/11/24 4:42 AM

Updated:: 2020/09/14 5:31 AM

Resolved:: 2015/11/24 8:39 AM