Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-12530

doPrivileged is needed for JASPICSecurityContext AuthConfigFactory access.

    Details

      Description

      A doPrivileged is required for the following error: -

      Permission check failed (permission "("java.security.SecurityPermission" "getProperty.authconfigprovider.factory")" in code source "(vfs:/content/some_deployment.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "somedeployment.war" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
      	at javax.security.auth.message.config.AuthConfigFactory.checkPermission(AuthConfigFactory.java:166)
      	at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:201)
      	at org.wildfly.extension.undertow.security.jaspi.JASPICSecurityContext.logout(JASPICSecurityContext.java:114)
      	at io.undertow.servlet.spec.HttpServletRequestImpl.logout(HttpServletRequestImpl.java:505)
      

      The deployment is invoking a standard servlet API however it's ProtectionDomain is being taken into account for the inner details of implementation.

      A deployment could require these permissions if interacting with the JASPI APIs directly however it should not require these permissions to interact with the Servlet APIs and the JASPI interaction becomes an implementation detail.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                dlofthouse Darran Lofthouse
                Reporter:
                dlofthouse Darran Lofthouse
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: