-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
A doPrivileged is required for the following error: -
Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/some_deployment.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "somedeployment.war" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
at org.wildfly.extension.undertow.security.jaspi.JASPICSecurityContext.logout(JASPICSecurityContext.java:114)
at io.undertow.servlet.spec.HttpServletRequestImpl.logout(HttpServletRequestImpl.java:505)
The deployment is invoking a standard servlet API however it's ProtectionDomain is being taken into account for the inner details of implementation.
A deployment could require these permissions if interacting with the JASPI APIs directly however it should not require these permissions to interact with the Servlet APIs and the JASPI interaction becomes an implementation detail.
