Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
Description
Issue description
When starting server with security manager (i.e. with -secmgr argument), then OpenSSL initialization fails with
java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.wildfly.openssl.SSL.init(SSL.java:73) at org.wildfly.openssl.SSL.getInstance(SSL.java:49) at org.wildfly.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:59) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:348) at io.undertow.protocols.alpn.OpenSSLAlpnProvider$1.run(OpenSSLAlpnProvider.java:47) at io.undertow.protocols.alpn.OpenSSLAlpnProvider$1.run(OpenSSLAlpnProvider.java:43) at java.security.AccessController.doPrivileged(Native Method) at io.undertow.protocols.alpn.OpenSSLAlpnProvider.<clinit>(OpenSSLAlpnProvider.java:43) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.lang.Class.newInstance(Class.java:442) at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:380) at java.util.ServiceLoader$LazyIterator.access$700(ServiceLoader.java:323) at java.util.ServiceLoader$LazyIterator$2.run(ServiceLoader.java:407) at java.security.AccessController.doPrivileged(Native Method) at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:409) at java.util.ServiceLoader$1.next(ServiceLoader.java:480) at io.undertow.protocols.alpn.ALPNManager.<init>(ALPNManager.java:40) at io.undertow.protocols.alpn.ALPNManager.<clinit>(ALPNManager.java:35) at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:64) at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:83) at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:75) at org.wildfly.extension.undertow.HttpsListenerService.createAlpnOpenListener(HttpsListenerService.java:101) at org.wildfly.extension.undertow.HttpsListenerService.createOpenListener(HttpsListenerService.java:86) at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:158) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "loadLibrary.wfssl")" in code source "(null <no signer certificates>)" of "org.wildfly.openssl.SSL$LibraryClassLoader@37072772") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at java.lang.SecurityManager.checkLink(SecurityManager.java:835) at org.wildfly.security.manager.WildFlySecurityManager.checkLink(WildFlySecurityManager.java:338) at java.lang.Runtime.loadLibrary0(Runtime.java:864) at java.lang.System.loadLibrary(System.java:1122) at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:180) ... 37 more
There could be a wrong class-loader used or doPrivileged() block missing, so the initializing code doesn't get the AllPermission (which is assigned to server modules).
Suggested improvement
- check and fix OpenSSL initialization, so it gets correct permissions
Attachments
Issue Links
- clones
-
-
- Verified
-
