Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-11630

JDBC datasource should be granted the connect SocketPermission

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 16.0.0.Beta1
    • JCA, Security
    • Hide

      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.

      Show
      I used DataSourceDefinitionJPATestCase with ExampleDS JDBC datasource set to an external (non-H2) DB, JDBC driver installed as a module.
    • Documentation (Ref Guide, User Guide, etc.)

    Description

      When a deployment uses connection on a JDBC datasource, the deployment needs the connect SocketPermission granted.

      For example

      ...
DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS");
Connection conn = ds.getConnection();
...

      may require permissions.xml like

      <permissions version="7">
  <!-- Connections to databases -->
  <permission>
    <class-name>java.net.SocketPermission</class-name>
    <name>*</name>  <!-- This can be hardened by using specific URLs/IPs -->
    <actions>resolve,connect</actions>
  </permission>
</permissions>

      However, resolve SocketPermission should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the connect SocketPermission. JDBC extends the JCA spec.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. WFLY-6542 Fix issues in tests with Security Manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Tracker - Issue tracking a bug fix or improvement in another component JBEAP-971 Fix issues in tests with Security Manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. WFLY-12465 Security manager failures persisting timers

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Activity

            People

              istudens@redhat.com Ivo Studensky
              okotek@redhat.com Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: