Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 16.0.0.Beta1
Component/s: JCA, Security
Labels:
- security-manager

Steps to Reproduce:

Hide

I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.

Show
I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.
Affects:

Documentation (Ref Guide, User Guide, etc.)

When a deployment uses connection on a JDBC datasource, the deployment needs the connect SocketPermission granted.

For example

...
DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
Connection conn = ds.getConnection();
...

may require permissions.xml like

<permissions version="7">
  <!-- Connections to databases -->
  <permission>
    <class-name>java.net.SocketPermission</class-name>
    <name>*</name>  <!-- This can be hardened by using specific URLs/IPs -->
    <actions>resolve,connect</actions>
  </permission>
</permissions>

However, resolve SocketPermission should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the connect SocketPermission. JDBC extends the JCA spec.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

DataSourceDefinitionJPATestCase-output-missing_SocketPermission_Connect.txt
85 kB
2019/01/22 9:28 AM

blocks

JBEAP-971 Fix issues in tests with Security Manager

Closed

is related to

WFLY-12465 Security manager failures persisting timers

Open

Assignee:: Ivo Studensky

Reporter:: Ondrej Kotek

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2019/01/22 9:23 AM

Updated:: 2024/05/29 9:40 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates