Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8289

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 11.0.0.Alpha1
    • None
    • Remoting, Security
    • None

    Description

      1. Running NestedRemoteContextTestCase (from WildFly testsuite/integration/basic) with security manager, like 
        ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
new RemotingPermission("createEndpoint"),
new RuntimePermission("createXnioWorker"),
new RemotingPermission("addConnectionProvider"),
new RuntimePermission("modifyThread"),
new RuntimePermission("accessDeclaredMembers"),
new ReflectPermission("suppressAccessChecks")

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. WFLY-5169 "XNIO001001: No XNIO provider found" by some tests in main TS with security manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - A task that needs to be done. WFLY-6542 Fix issues in tests with Security Manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          is blocked by

          Component Upgrade - A task tracking an update to a bundled component WFCORE-1350 Upgrade XNIO to >= 3.3.5.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Component Upgrade - A task tracking an update to a bundled component WFCORE-1349 Upgrate JBoss Marshalling to >= 1.4.11.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Component Upgrade - A task tracking an update to a bundled component WFLY-8273 Upgrade to WildFly Naming Client 1.0.0.Beta12

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is caused by

          Bug - A problem which impairs or prevents the functions of the product. JBMAR-182 Marhsaller factory service loader should be privileged

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. WFNC-23 WildFlyRootContext needs to initiate Service Loaders within privileged blocks

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. XNIO-261 Service loaders created without privileges

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JBEAP-11034 (7.0.z) Marhsaller factory service loader should be privileged

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. JBEAP-2770 FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: WFLY

              People

                istudens@redhat.com Ivo Studensky
                okotek@redhat.com Ondrej Kotek
                Ondrej Kotek Ondrej Kotek
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: