-
Bug
-
Resolution: Done
-
Blocker
-
None
-
None
Currently experiencing the following error: -
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "org.jboss.security.plugins.ClassLoaderLocatorFactory.get")" in code source "(vfs:/content/mydeployment.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader@24d700ba")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294) [wildfly-elytron-security-manager-1.10.0.Final.jar:1.10.0.Final]
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191) [wildfly-elytron-security-manager-1.10.0.Final.jar:1.10.0.Final]
at org.jboss.security.plugins.ClassLoaderLocatorFactory.get(ClassLoaderLocatorFactory.java:51) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:187) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasRole(WebAuthorizationHelper.java:201) [picketbox-5.0.3.Final.jar:5.0.3.Final]
at org.wildfly.extension.undertow.security.JbossAuthorizationManager.isUserInRole(JbossAuthorizationManager.java:99)
at io.undertow.servlet.spec.HttpServletRequestImpl.isUserInRole(HttpServletRequestImpl.java:337) [undertow-servlet-2.0.26.Final.jar:2.0.26.Final]
at org.apache.jsp.secured_jsp._jspService(secured_jsp.java:109)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [jastow-2.0.7.Final.jar:2.0.7.Final]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) [jboss-servlet-api_4.0_spec-2.0.0.CR2.jar:2.0.0.CR2]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433) [jastow-2.0.7.Final.jar:2.0.7.Final]
... 51 more
The reason I believe this requires a doPrivileged is the permission required is entirely internal to our implementation of isUserInRole - whilst the deployment can trigger this call the deployment can not influence how this is implemented so the deployment's ProtectionDomain should not require the permissions needed for our internal class loading so a doPrivileged call will drop the deployment's ProtectionDomain from the stack.
