[ http://jira.jboss.com/jira/browse/JBAS-1363?page=history ]
Scott M Stark updated JBAS-1363: -------------------------------- Fix Version: JBossAS-4.0.1 SP1 JBossAS-4.0.2 Final JBossAS-5.0 Alpha > JACC DelegatingPolicy will not work with a SecurityManager installed > -------------------------------------------------------------------- > > Key: JBAS-1363 > URL: http://jira.jboss.com/jira/browse/JBAS-1363 > Project: JBoss Application Server > Type: Bug > Components: Security > Versions: JBossAS-4.0.1 Final, JBossAS-5.0 Alpha > Reporter: Scott M Stark > Assignee: Scott M Stark > Priority: Blocker > Fix For: JBossAS-5.0 Alpha, JBossAS-4.0.2 Final, JBossAS-4.0.1 SP1 > > > If one runs with the JACC policy provided enabled, and also specify that a > security manager is intalled, the service fails to start with an exception > like: > 16:01:48,985 WARN [ServiceController] Problem starting service > jboss.security:service=JACCSecurityService > java.lang.ClassCircularityError: javax/security/jacc/EJBMethodPermission > at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72) > at java.security.ProtectionDomain.implies(ProtectionDomain.java:195) > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:249) > at java.security.AccessController.checkPermission(AccessController.java:427) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) > at sun.misc.URLClassPath.check(URLClassPath.java:398) > at sun.misc.URLClassPath$JarLoader.checkResource(URLClassPath.java:601) > at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:673) > at sun.misc.URLClassPath$JarLoader.findResource(URLClassPath.java:660) > at sun.misc.URLClassPath.findResource(URLClassPath.java:139) > at java.net.URLClassLoader$2.run(URLClassLoader.java:362) > at java.security.AccessController.doPrivileged(Native Method) > at java.net.URLClassLoader.findResource(URLClassLoader.java:359) > at java.lang.ClassLoader.getResource(ClassLoader.java:977) > at > org.jboss.mx.loading.RepositoryClassLoader.getResourceLocally(RepositoryClassLoader.java:200) > at org.jboss.mx.loading.LoadMgr3$ResourceAction.run(LoadMgr3.java:95) > at java.security.AccessController.doPrivileged(Native Method) > at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:247) > at > org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:464) > at > org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374) > at java.lang.ClassLoader.loadClass(ClassLoader.java:251) > at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) > at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72) > at java.security.ProtectionDomain.implies(ProtectionDomain.java:195) > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:249) > at java.security.AccessController.checkPermission(AccessController.java:427) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) > at java.lang.Thread.setContextClassLoader(Thread.java:1306) > at org.jboss.mx.server.TCLAction$5.run(TCLAction.java:102) > at java.security.AccessController.doPrivileged(Native Method) > at org.jboss.mx.server.TCLAction$2.setContextClassLoader(TCLAction.java:97) > at org.jboss.mx.server.TCLAction$UTIL.setContextClassLoader(TCLAction.java:37) > at > org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:288) > at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642) > at > org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:908) > at $Proxy0.start(Unknown Source) > at org.jboss.system.ServiceController.start(ServiceController.java:416) > The problem is the interaction between the class loading layer attempting to > locate the class in question as a resource and the lazy loading of the JACC > permission classes from within the Policy.implies override which results in > recursion into a ClassCircularityError: > Thread "main"@336 in group "jboss" status: RUNNING > <init>():32, java.lang.ClassCircularityError > implies():72, org.jboss.security.jacc.DelegatingPolicy > implies():189, java.security.ProtectionDomain > checkPermission():254, java.security.AccessControlContext > checkPermission():401, java.security.AccessController > checkPermission():524, java.lang.SecurityManager > check():397, sun.misc.URLClassPath > getResource():884, sun.misc.URLClassPath$FileLoader > getResource():157, sun.misc.URLClassPath > getResource():209, sun.misc.URLClassPath > getBootstrapResource():950, java.lang.ClassLoader > getResource():811, java.lang.ClassLoader > getResource():809, java.lang.ClassLoader > getResource():809, java.lang.ClassLoader > getResource():809, java.lang.ClassLoader > getResourceLocally():205, org.jboss.mx.loading.RepositoryClassLoader > run():95, org.jboss.mx.loading.LoadMgr3$ResourceAction > doPrivileged():-1, java.security.AccessController > beginLoadTask():247, org.jboss.mx.loading.LoadMgr3 > The classes needed by the implies method need to be loaded before the > DelegatingPolicy is installed as the java.security.Policy implementation to > avoid this. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list JBoss-Development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-development