  1. WildFly Core
  2. WFCORE-2593

DeploymentReflectionIndex requires additional permissions even if it is guarded by ServerPermission("createDeploymentReflectionIndex")

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.0.0.Beta11
    • Fix Version/s: 3.0.0.Beta12
    • Component/s: Server
    • Labels:
      None

      Description

      When running with Security Manager enabled, DeploymentReflectionIndex requires additional permissions (see below) even if its creation is guarded by ServerPermission("createDeploymentReflectionIndex").

      Required additional permissions:

      new RuntimePermission("accessDeclaredMembers")
      new ReflectPermission("suppressAccessChecks")
      

      It is actually the constructor of ClassReflectionIndex, invoked from the DeploymentReflectionIndex#getClassIndex() method, which requires these permissions.

      This issue was caught by org.jboss.as.test.integration.pojo.test.BeanFactoryTestCase; see the stack trace:

      20:24:38,511 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.pojo.D.CREATE: org.jboss.msc.service.StartException in service jboss.pojo.D.CREATE: java.lang.reflect.InvocationTargetException
      	at org.jboss.as.pojo.service.LifecyclePojoPhase.startInternal(LifecyclePojoPhase.java:51)
      	at org.jboss.as.pojo.service.AbstractPojoPhase.start(AbstractPojoPhase.java:75)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.as.pojo.service.MethodJoinpoint.dispatch(MethodJoinpoint.java:41)
      	at org.jboss.as.pojo.service.BeanUtils.dispatchLifecycleJoinpoint(BeanUtils.java:155)
      	at org.jboss.as.pojo.service.LifecyclePojoPhase.dispatchJoinpoint(LifecyclePojoPhase.java:43)
      	at org.jboss.as.pojo.service.LifecyclePojoPhase.startInternal(LifecyclePojoPhase.java:49)
      	... 6 more
      Caused by: java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.as.test.integration.pojo.support.D.create(D.java:36)
      	... 14 more
      Caused by: java.lang.RuntimeException: WFLYSRV0177: Error getting reflective information for class org.jboss.as.test.integration.pojo.support.B with ClassLoader ModuleClassLoader for Module "deployment.bean-factory.jar" from Service Module Loader
      	at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:70)
      	at org.jboss.as.pojo.service.DefaultBeanInfo.lookup(DefaultBeanInfo.java:78)
      	at org.jboss.as.pojo.service.DefaultBeanInfo.getConstructor(DefaultBeanInfo.java:86)
      	at org.jboss.as.pojo.service.BeanUtils.instantiateBean(BeanUtils.java:98)
      	at org.jboss.as.pojo.descriptor.BaseBeanFactory.create(BaseBeanFactory.java:62)
      	... 19 more
      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessDeclaredMembers")" in code source "(vfs:/content/bean-factory.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.bean-factory.jar" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
      	at java.lang.Class.checkMemberAccess(Class.java:2348)
      	at java.lang.Class.getDeclaredFields(Class.java:1915)
      	at org.jboss.as.server.deployment.reflect.ClassReflectionIndex.<init>(ClassReflectionIndex.java:72)
      	at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:66)
      	... 23 more
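
The failure mode in the description, reproduced as a small stand-alone program (an added example, not WildFly code and not the project's actual fix): passing a guard permission check does not satisfy the JDK's own accessDeclaredMembers check unless the reflective call runs inside doPrivileged. Assumptions: the class and method names are hypothetical, a RuntimePermission stands in for ServerPermission, String stands in for the deployment class B, and the JVM must still allow installing a Security Manager (Java 8 to 17).

```java
import java.lang.reflect.Field;
import java.security.*;

public class GuardedReflectionDemo {
    // Constructed stand-in for ServerPermission("createDeploymentReflectionIndex").
    static final Permission GUARD = new RuntimePermission("createDeploymentReflectionIndex");

    // Guard only: getDeclaredFields() is still checked against every caller on the stack.
    static int guardOnly(Class<?> c) {
        AccessController.checkPermission(GUARD);
        return c.getDeclaredFields().length;
    }

    // Guard, then reflect inside doPrivileged: the stack walk stops at this frame,
    // so only this class's own permissions are consulted for the reflective call.
    static int guardThenPrivileged(Class<?> c) {
        AccessController.checkPermission(GUARD);
        return AccessController.doPrivileged((PrivilegedAction<Field[]>) () -> c.getDeclaredFields()).length;
    }

    // Runs the call as the given caller context and reports the outcome.
    static String attempt(String label, PrivilegedAction<Integer> call, AccessControlContext caller) {
        try {
            return label + ": indexed " + AccessController.doPrivileged(call, caller) + " fields";
        } catch (AccessControlException e) {
            return label + ": denied " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Hypothetical "deployment" domain: it holds the guard permission and nothing else.
        Permissions granted = new Permissions();
        granted.add(GUARD);
        AccessControlContext deployment = new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, granted) });

        // This demo class plays the trusted server module: the policy grants it everything.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        // String is defined by a different class loader than this class, as B is relative to
        // the server module in the report, so Class.checkMemberAccess performs the check.
        System.out.println(attempt("guard only", () -> guardOnly(String.class), deployment));
        System.out.println(attempt("guard + doPrivileged", () -> guardThenPrivileged(String.class), deployment));
    }
}
```

The same stack-walk rule applies to the ReflectPermission("suppressAccessChecks") check made by setAccessible(true). A doPrivileged block of this kind should wrap only the reflective lookup itself, after the guard check has passed.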
      

    People

    • Assignee: Ivo Studensky (istudens)
    • Reporter: Ivo Studensky (istudens)