Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
16.0.0.Beta1
-
-
Documentation (Ref Guide, User Guide, etc.)
Description
When a deployment uses connection on a JDBC datasource, the deployment needs the connect SocketPermission granted.
For example
... DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/ExampleDS"); Connection conn = ds.getConnection(); ...
may require permissions.xml like
<permissions version="7"> <!-- Connections to databases --> <permission> <class-name>java.net.SocketPermission</class-name> <name>*</name> <!-- This can be hardened by using specific URLs/IPs --> <actions>resolve,connect</actions> </permission> </permissions>
However, resolve SocketPermission should be enough. The JCA spec states, at the 21.2 session (SecurityPermissions), the rar should always be granted the connect SocketPermission. JDBC extends the JCA spec.
Attachments
Issue Links
- blocks
-
WFLY-6542 Fix issues in tests with Security Manager
-
- Open
-
-
JBEAP-971 Fix issues in tests with Security Manager
-
- Open
-
- is related to
-
WFLY-12465 Security manager failures persisting timers
-
- Open
-