Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-1759

Privilege problem somewhere between creating an instance factory and constructing a proxy

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.2.6.Final, 3.0.0.Alpha1
    • 2.2.5.Final
    • None
    • None

    Description

      The stack trace looks like this:

      2014-09-30 16:59:53,074 ERROR [io.undertow.request] (default task-58) UT005023: Exception handling request to /4900ad8b-90a5-4ec0-abf5-f919c09208ff/TestUpgradeServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/4900ad8b-90a5-4ec0-abf5-f919c09208ff.war/WEB-INF/classes <no signer certificates>)" of "null")
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:264) [wildfly-security-manager-1.1.0.Beta1-SNAPSHOT.jar:1.1.0.Beta1-SNAPSHOT]
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:172) [wildfly-security-manager-1.1.0.Beta1-SNAPSHOT.jar:1.1.0.Beta1-SNAPSHOT]
        at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1561) [rt.jar:1.7.0_51]
        at java.lang.Class.getClassLoader(Class.java:614) [rt.jar:1.7.0_51]
        at org.jboss.as.weld.services.bootstrap.ProxyServicesImpl._getClassLoader(ProxyServicesImpl.java:86) [wildfly-weld-9.0.0.Alpha2-SNAPSHOT.jar:9.0.0.Alpha2-SNAPSHOT]
        at org.jboss.as.weld.services.bootstrap.ProxyServicesImpl.getClassLoader(ProxyServicesImpl.java:79) [wildfly-weld-9.0.0.Alpha2-SNAPSHOT.jar:9.0.0.Alpha2-SNAPSHOT]
        at org.jboss.weld.bean.proxy.ProxyFactory.resolveClassLoaderForBeanProxy(ProxyFactory.java:836) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.bean.proxy.ProxyFactory.<init>(ProxyFactory.java:169) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.bean.proxy.InterceptedSubclassFactory.<init>(InterceptedSubclassFactory.java:80) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.bean.proxy.InterceptedSubclassFactory.<init>(InterceptedSubclassFactory.java:67) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.SubclassedComponentInstantiator.createEnhancedSubclass(SubclassedComponentInstantiator.java:98) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.SubclassedComponentInstantiator.initEnhancedSubclass(SubclassedComponentInstantiator.java:82) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.SubclassedComponentInstantiator.<init>(SubclassedComponentInstantiator.java:75) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.SubclassedComponentInstantiator.forInterceptedDecoratedBean(SubclassedComponentInstantiator.java:59) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.BeanInjectionTarget.initializeAfterBeanDiscovery(BeanInjectionTarget.java:138) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.InjectionTargetInitializationContext.initialize(InjectionTargetInitializationContext.java:42) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.InjectionTargetService.addInjectionTargetToBeInitialized(InjectionTargetService.java:55) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.InjectionTargetService.addInjectionTargetToBeInitialized(InjectionTargetService.java:49) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.weld.injection.producer.WeldInjectionTargetBuilderImpl.build(WeldInjectionTargetBuilderImpl.java:80) [weld-core-impl-2.2.5.Final.jar:2014-09-15 07:54]
        at org.jboss.as.weld.injection.InjectionTargets.createInjectionTarget(InjectionTargets.java:78) [wildfly-weld-9.0.0.Alpha2-SNAPSHOT.jar:9.0.0.Alpha2-SNAPSHOT]
        at org.jboss.as.weld.deployment.WeldClassIntrospector.getInjectionTarget(WeldClassIntrospector.java:90) [wildfly-weld-9.0.0.Alpha2-SNAPSHOT.jar:9.0.0.Alpha2-SNAPSHOT]
        at org.jboss.as.weld.deployment.WeldClassIntrospector.createFactory(WeldClassIntrospector.java:57) [wildfly-weld-9.0.0.Alpha2-SNAPSHOT.jar:9.0.0.Alpha2-SNAPSHOT]
        at org.jboss.as.ee.component.ComponentRegistry.createInstanceFactory(ComponentRegistry.java:76)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$ComponentClassIntrospector.createInstanceFactory(UndertowDeploymentInfoService.java:1292)
        at io.undertow.servlet.spec.HttpServletRequestImpl.upgrade(HttpServletRequestImpl.java:470) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
------> at org.jboss.as.test.integration.ee.injection.support.servlet.TestUpgradeServlet.doGet(TestUpgradeServlet.java:45) [classes:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:259) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:246) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:75) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:171) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_51]
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:168) [undertow-servlet-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:737) [undertow-core-1.1.0.Beta8.jar:1.1.0.Beta8]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
        at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]

      The arrow indicates the position of the failed protection domain on the stack. I think that something in this stack should be executing with privileges, but I'm not really sure what... maybe the proxy factory where the class loader is acquired?

      If this bug belongs somewhere else (e.g. in UT or WFCORE or WFLY), feel free to move it.

      Attachments

        Activity

          People

            rhn-engineering-jharting Jozef Hartinger
            dlloyd@redhat.com David Lloyd
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: