Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-12455

Update permission names in tests to fix failures that occur with the security manager enabled after the JBoss Jakarta JACC and JASPI upgrades

    Details

      Description

      The upgrades to JBoss Jakarta JACC 2.0.0.CR1 and JBoss Jakarta JASPI fork 2.0.0.CR1 are causing the following test failures with the security manager enabled:

      PolicyContextTestCase.testHttpServletRequestFromPolicyContext

      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/ear-jacc-context.ear/ear-jacc-context.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ear-jacc-context.ear.ear-jacc-context.jar" from Service Module Loader")
       at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
       at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
       at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
       at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
      

      AuthenticationPolicyContextTestCase.test

      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "setPolicy")" in code source "(vfs:/content/picketlink-sts-ws.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.picketlink-sts-ws.war" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
      	at javax.security.jacc.PolicyContext.checkSetPolicyPermission(PolicyContext.java:237)
      	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:226)
      

      The above two failures are occurring because PolicyContext.getContext now checks for the "setPolicy" permission instead of the "getPolicy" permission:

      PolicyContext.getContext before JACC upgrade:
      https://github.com/jboss/jboss-jacc-api_spec/blob/master/src/main/java/javax/security/jacc/PolicyContext.java#L93

      PolicyContext.getContext after JACC upgrade:
      https://github.com/jboss/jboss-jakarta-jacc-api_spec/blob/6b5f2641b115239df97b10ad95b4972ac62d01e3/api/src/main/java/javax/security/jacc/PolicyContext.java#L226

      DynamicJaspiTestCase.testCalls

      &amp#27;[0m&amp#27;[31m09:18:43,183 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
      	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
      	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
      	at org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
      

      The above failure occurs because AuthConfigFactory.getFactory now checks for the "getProperty.authconfigprovider.factory" permission instead of the "getFactory" permission:

      AuthConfigFactory.getFactory before JASPI upgrade:
      https://github.com/jboss/jboss-jaspi-api_spec/blob/jboss-jaspi-api_1.1_spec-1.0.2.Final/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L205

      AuthConfigFactory.getFactory after JASPI upgrade:
      https://github.com/jboss/jboss-jakarta-jaspi-api_spec/blob/3e290bd05a6518015f6f2e4ab6defe6a5e07fc29/api/src/main/java/javax/security/auth/message/config/AuthConfigFactory.java#L201

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                fjuma Farah Juma
                Reporter:
                fjuma Farah Juma
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: