Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5243

NullPointerException when invalid <permission> classes specified

XMLWordPrintable

    • Hide
      • Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission. 
        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
     <deployment-permissions>
         <minimum-set>
            <permission class="invalid.class.name"/>
        </minimum-set>
        <maximum-set>
        </maximum-set>
     </deployment-permissions>
 </subsystem>
      • Start EAP
      • Observe the startup errors
      Show
      Configure the security manager subsystem with an invalid permission in the mininum-set. Maximum-set must be present, but can contain anything except java.security.AllPermission. <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> <deployment-permissions> <minimum-set> <permission class="invalid.class.name"/> </minimum-set> <maximum-set> </maximum-set> </deployment-permissions> </subsystem> Start EAP Observe the startup errors
    • Hide

      Remove or correct the invalid permissions.

      Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.

      Show
      Remove or correct the invalid permissions. Since there is no error detailing which permission is wrong, this entails trial and error to isolate the affected permissions.
    • Undefined

      If the security manager contains an invalid class or other data in the minimum-set it throws a NullPointerException instead of a useful error message.

      ERROR [management-operation] WFLYCTL0013 : Operation ("add") failed - address ([("subsystem" => "security-manager")]): java.lang.NullPointerException 
 at java.security.Permissions.getPermissionCollection(Permissions.java:240) 
 at java.security.Permissions.implies(Permissions.java:179) at org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75) at org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
...

      The same thing happens with other missing data.

      • Works: 
        <permission class="java.io.FilePermission" name="/foo" actions="read"/>
      • Fail with NullPointerException: 
        <permission class="invalid.class.name" name="/foo" actions="read"/>
        <permission class="java.io.FilePermission" name="/foo"/>
        <permission class="java.io.FilePermission" actions="read"/>

      The NullPointerException does not occur if maximum-set is absent, or contains java.security.AllPermission

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-rmartinc Ricardo Martin Camarero
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: