Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-11630

JDBC datasource should be granted the connect SocketPermission

    Details

    • Steps to Reproduce:
      Hide

      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.

      Show
      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.
    • Affects:
      Documentation (Ref Guide, User Guide, etc.)

      Description

      When a deployment uses connection on a JDBC datasource, the deployment needs the connect SocketPermission granted.

      For example

      ...
      DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
      Connection conn = ds.getConnection();
      ...
      

      may require permissions.xml like

      <permissions version="7">
        <!-- Connections to databases -->
        <permission>
          <class-name>java.net.SocketPermission</class-name>
          <name>*</name>  <!-- This can be hardened by using specific URLs/IPs -->
          <actions>resolve,connect</actions>
        </permission>
      </permissions>
      

      However, resolve SocketPermission should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the connect SocketPermission. JDBC extends the JCA spec.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  istudens Ivo Studensky
                  Reporter:
                  okotek Ondrej Kotek
                  Tester:
                  Ondrej Kotek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated: