Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8289

FilePermission for XNIO and Marshalling modules are required for Remoting to run with security manager

    Details

      Description

      1. Running NestedRemoteContextTestCase (from WildFly testsuite/integration/basic) with security manager, like
        ./integration-tests.sh -Dts.basic -Dts.noSmoke -Dtest=NestedRemoteContextTestCase -Dsecurity.manager
        

      results in exception:

      java.io.IOException: java.lang.IllegalArgumentException: XNIO001001: No XNIO provider found
      

      To make it work, permissions like following need to be added to permissions.xml of ejb.ear:

      new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/xnio/nio/main/*", "read"),
      new FilePermission("/home/okotek/git/wildfly/dist/target/wildfly-10.0.0.CR5-SNAPSHOT/modules/system/layers/base/org/jboss/marshalling/river/main/*", "read"),
      new RemotingPermission("createEndpoint"),
      new RuntimePermission("createXnioWorker"),
      new RemotingPermission("addConnectionProvider"),
      new RuntimePermission("modifyThread"),
      new RuntimePermission("accessDeclaredMembers"),
      new ReflectPermission("suppressAccessChecks")
      

      which is very confusing.

      Why do I need add seemingly unrelated permissions, like FilePermission for XNIO and marshalling or RuntimePermission for createXnioWorker? Such behavior should be fixed or properly documented.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  istudens Ivo Studensky
                  Reporter:
                  okotek Ondrej Kotek
                  Tester:
                  Ondrej Kotek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: