Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-102

Permission check failed for ("java.lang.RuntimePermission" "MODIFY_UNDERTOW_SECURITY_CONTEXT")

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 1.0.0.Beta12
    • None
    • None

      When running the JBossWS testsuite [1] against WFLY master with security manager enabled I'm getting an unexpected exception on Hudson runs:

      09:40:28,524 ERROR [io.undertow.request] (default task-14) Servlet request failed HttpServerExchange{ POST /jaxws-cxf-jbws3060-jse/ServiceTwo/EndpointTwo}: java.security.AccessControlException: WFSM000001: Permission check failed for ("java.lang.RuntimePermission" "MODIFY_UNDERTOW_SECURITY_CONTEXT")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:221)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:130)
	at io.undertow.security.impl.SecurityContextImpl.<init>(SecurityContextImpl.java:83) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:65) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:207) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:194) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:72) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:128) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.server.HttpHandlers.executeRootHandler(HttpHandlers.java:36) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:614) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_15]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_15]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_15]

      The failing tests changes among different runs and I can't reproduce the issue locally (I suspect something related to test execution order).

      In any case, as per Stuart's comment on IRC, the code in the stacktrace above should always be passing the permission check, regardless of the permissions granted to deployments.

      [1] http://jbossws.jboss.org:8180/hudson/job/CXF-CORE-AS-8.0.0-SECMGR/2/

            sdouglas1@redhat.com Stuart Douglas
            rhn-support-asoldano Alessio Soldano
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: