Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8289

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

    XMLWordPrintable

Details

    Description

      1. Running NestedRemoteContextTestCase (from WildFly testsuite/integration/basic) with security manager, like
        ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager
        

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found
      

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
      new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
      new RemotingPermission("createEndpoint"),
      new RuntimePermission("createXnioWorker"),
      new RemotingPermission("addConnectionProvider"),
      new RuntimePermission("modifyThread"),
      new RuntimePermission("accessDeclaredMembers"),
      new ReflectPermission("suppressAccessChecks")
      

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

      Attachments

        Issue Links

          Activity

            People

              istudens@redhat.com Ivo Studensky
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: