[jira] [Commented] (DELTASPIKE-1386) Unhandled Exception in DefaultConfigSourceProvider causes deployment failure

Fri, 20 Sep 2019 00:09:48 -0700 


    [ 
https://issues.apache.org/jira/browse/DELTASPIKE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934145#comment-16934145
 ] 

Thomas Frühbeck commented on DELTASPIKE-1386:
---------------------------------------------

Hi Mark,
sorry for my late reply!

m2c: the feature itself seems to be targeted at developers - and as such 
debateable. I am responsible for a growing number of applications integrating 
DeltaSpike as vital part, and cannot imagine to mix some settings into everyone.

I see no reason to add complexity, neither for priviledged access. To me a 
simple try/catch/log.info would be sufficient. Any developer relying on this 
feature will be sufficiently informed.  

Running DeltaSpike in presence of SecurityManager restrictions shows additional 
accesses (e.g. System.getProperties in SystemPropertyConfigSource), which are 
problematic, because security check will be performed for Read+Write(!) access.
So either we allow unrestricted(!) access to System.properties, or again we 
have to remove DeltaSpike completely. 

On the other side all the business logic of Configuration is private, so we are 
not able to override any of these critical parts by an alternative. 

I really would prefer to change each of the critical config setup 
methods/fields to protected to give us the freedom to decide, which of these we 
really need. So move setup logic to a builder method or a real Builder we may 
provide.

Best regards, many thanks for great DeltaSpike! 

> Unhandled Exception in DefaultConfigSourceProvider causes deployment failure
> ----------------------------------------------------------------------------
>
>                 Key: DELTASPIKE-1386
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1386
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.9.1
>            Reporter: Thomas Frühbeck
>            Priority: Major
>
> For some reason DefaultConfigSourceProvider tries to access the home 
> directory of the services user.
> If the access is prohibited by SecurityManager, the AccessControlException is 
> not handled and the deployment of the complete application fails.
> 2019-09-15 23:19:21,075 ERROR [org.jboss.msc.service.fail] (MSC service 
> thread 1-6) MSC000001: Failed to start service 
> jboss.deployment.unit."mssms-sec-ear.ear".POST_MODULE: 
> org.jboss.msc.service.StartException in service jboss.
> deployment.unit."mssms-sec-ear.ear".POST_MODULE: WFLYSRV0153: Failed to 
> process phase POST_MODULE of deployment "mssms-sec-ear.ear"
>  at 
> org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154)
>  at 
> org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
>  at 
> org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)
> Caused by: java.util.ServiceConfigurationError: 
> org.apache.deltaspike.core.spi.config.ConfigSourceProvider: Provider 
> org.apache.deltaspike.core.impl.config.DefaultConfigSourceProvider could not 
> be instantiated
>  at java.util.ServiceLoader.fail(ServiceLoader.java:232)
>  at java.util.ServiceLoader.access$100(ServiceLoader.java:185)
>  at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384)
>  at java.util.ServiceLoader$LazyIterator.access$700(ServiceLoader.java:323)
>  at java.util.ServiceLoader$LazyIterator$2.run(ServiceLoader.java:407)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:409)
>  at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
>  at 
> org.apache.deltaspike.core.util.ServiceUtils.loadServiceImplementations(ServiceUtils.java:81)
>  at org.apache.deltaspike.core.impl.config.ConfigImpl.init(ConfigImpl.java:70)
>  at 
> org.apache.deltaspike.core.impl.config.ConfigProviderImpl.getConfig(ConfigProviderImpl.java:53)
>  at 
> org.apache.deltaspike.core.impl.config.ConfigProviderImpl.getConfig(ConfigProviderImpl.java:43)
>  at 
> org.apache.deltaspike.core.api.config.ConfigResolver.resolve(ConfigResolver.java:613)
>  at 
> org.apache.deltaspike.core.api.config.base.CoreBaseConfig$BeanManagerIntegration.<clinit>(CoreBaseConfig.java:30)
>  at 
> org.apache.deltaspike.core.api.provider.BeanManagerProvider.<clinit>(BeanManagerProvider.java:79)
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>  at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>  at 
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>  at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>  at java.lang.Class.newInstance(Class.java:442)
>  at 
> org.jboss.as.weld.deployment.WeldPortableExtensions.tryRegisterExtension(WeldPortableExtensions.java:53)
>  at 
> org.jboss.as.weld.deployment.processors.WeldPortableExtensionProcessor.loadAttachments(WeldPortableExtensionProcessor.java:121)
>  at 
> org.jboss.as.weld.deployment.processors.WeldPortableExtensionProcessor.deploy(WeldPortableExtensionProcessor.java:81)
>  at 
> org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
>  ... 5 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check 
> failed (permission "("java.io.FilePermission" 
> "/home/thomas/.deltaspike/apache-deltaspike.properties" "read")" in code 
> source "(vfs:/work/java/mssms/w
> ildfly1011/standalone/deployments/mssms-sec-ear.ear/lib/deltaspike-core-api-1.9.0.jar
>  <no signer certificates>)" of "null")
>  at 
> org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
>  at 
> org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
>  at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
>  at 
> org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
>  at java.io.File.exists(File.java:814)
>  at 
> org.apache.deltaspike.core.impl.config.DefaultConfigSourceProvider.addUserHomeConfigSource(DefaultConfigSourceProvider.java:81)
>  at 
> org.apache.deltaspike.core.impl.config.DefaultConfigSourceProvider.<init>(DefaultConfigSourceProvider.java:61)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to