Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-11630

JDBC datasource should be granted the connect SocketPermission

    XMLWordPrintable

Details

    • Hide

      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.

      Show
      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.
    • Documentation (Ref Guide, User Guide, etc.)

    Description

      When a deployment uses connection on a JDBC datasource, the deployment needs the connect SocketPermission granted.

      For example

      ...
      DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
      Connection conn = ds.getConnection();
      ...
      

      may require permissions.xml like

      <permissions version="7">
        <!-- Connections to databases -->
        <permission>
          <class-name>java.net.SocketPermission</class-name>
          <name>*</name>  <!-- This can be hardened by using specific URLs/IPs -->
          <actions>resolve,connect</actions>
        </permission>
      </permissions>
      

      However, resolve SocketPermission should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the connect SocketPermission. JDBC extends the JCA spec.

      Attachments

        Issue Links

          Activity

            People

              istudens@redhat.com Ivo Studensky
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: