[ http://jira.jboss.com/jira/browse/JBAS-1363?page=history ]
Scott M Stark resolved JBAS-1363:
---------------------------------
Resolution: Done
> JACC DelegatingPolicy will not work with a SecurityManager installed
> --------------------------------------------------------------------
>
> Key: JBAS-1363
> URL: http://jira.jboss.com/jira/browse/JBAS-1363
> Project: JBoss Application Server
> Type: Bug
> Components: Security
> Versions: JBossAS-4.0.1 Final, JBossAS-5.0 Alpha
> Reporter: Scott M Stark
> Assignee: Scott M Stark
> Priority: Blocker
> Fix For: JBossAS-5.0 Alpha, JBossAS-4.0.2 Final, JBossAS-4.0.1 SP1
>
>
> If one runs with the JACC policy provided enabled, and also specify that a
> security manager is intalled, the service fails to start with an exception
> like:
> 16:01:48,985 WARN [ServiceController] Problem starting service
> jboss.security:service=JACCSecurityService
> java.lang.ClassCircularityError: javax/security/jacc/EJBMethodPermission
> at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72)
> at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at sun.misc.URLClassPath.check(URLClassPath.java:398)
> at sun.misc.URLClassPath$JarLoader.checkResource(URLClassPath.java:601)
> at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:673)
> at sun.misc.URLClassPath$JarLoader.findResource(URLClassPath.java:660)
> at sun.misc.URLClassPath.findResource(URLClassPath.java:139)
> at java.net.URLClassLoader$2.run(URLClassLoader.java:362)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findResource(URLClassLoader.java:359)
> at java.lang.ClassLoader.getResource(ClassLoader.java:977)
> at
> org.jboss.mx.loading.RepositoryClassLoader.getResourceLocally(RepositoryClassLoader.java:200)
> at org.jboss.mx.loading.LoadMgr3$ResourceAction.run(LoadMgr3.java:95)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:247)
> at
> org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:464)
> at
> org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
> at org.jboss.security.jacc.DelegatingPolicy.implies(DelegatingPolicy.java:72)
> at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.Thread.setContextClassLoader(Thread.java:1306)
> at org.jboss.mx.server.TCLAction$5.run(TCLAction.java:102)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.mx.server.TCLAction$2.setContextClassLoader(TCLAction.java:97)
> at org.jboss.mx.server.TCLAction$UTIL.setContextClassLoader(TCLAction.java:37)
> at
> org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:288)
> at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
> at
> org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:908)
> at $Proxy0.start(Unknown Source)
> at org.jboss.system.ServiceController.start(ServiceController.java:416)
> The problem is the interaction between the class loading layer attempting to
> locate the class in question as a resource and the lazy loading of the JACC
> permission classes from within the Policy.implies override which results in
> recursion into a ClassCircularityError:
> Thread "main"@336 in group "jboss" status: RUNNING
> <init>():32, java.lang.ClassCircularityError
> implies():72, org.jboss.security.jacc.DelegatingPolicy
> implies():189, java.security.ProtectionDomain
> checkPermission():254, java.security.AccessControlContext
> checkPermission():401, java.security.AccessController
> checkPermission():524, java.lang.SecurityManager
> check():397, sun.misc.URLClassPath
> getResource():884, sun.misc.URLClassPath$FileLoader
> getResource():157, sun.misc.URLClassPath
> getResource():209, sun.misc.URLClassPath
> getBootstrapResource():950, java.lang.ClassLoader
> getResource():811, java.lang.ClassLoader
> getResource():809, java.lang.ClassLoader
> getResource():809, java.lang.ClassLoader
> getResource():809, java.lang.ClassLoader
> getResourceLocally():205, org.jboss.mx.loading.RepositoryClassLoader
> run():95, org.jboss.mx.loading.LoadMgr3$ResourceAction
> doPrivileged():-1, java.security.AccessController
> beginLoadTask():247, org.jboss.mx.loading.LoadMgr3
> The classes needed by the implies method need to be loaded before the
> DelegatingPolicy is installed as the java.security.Policy implementation to
> avoid this.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development
