Uploaded image for project: 'CDI Specification Issues'
  1. CDI Specification Issues
  2. CDI-727

CDI.current() should use privileged block

    XMLWordPrintable

Details

    Description

      When deployment in container with security manager enabled try to use CDI.current() call, CDI class directly access JAR of CDI provider, because of which security manager requires from the deployment to have permission to read the JAR.

      CDI.findAllProviders method should read the JAR in privileged block.

      (as discussed in WFLY-10125)

      java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-integ-rhel-secman/1cfa62fc/jboss-eap-7.2/modules/system/layers/base/org/jboss/as/weld/main/wildfly-weld-7.2.0.CD12-redhat-2.jar" "read")" in code source "(vfs:/content/test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test.war" from Service Module Loader")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
	at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
	at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137)
	at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
	at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
	at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
	at java.net.URL.openStream(URL.java:1045)
	at javax.enterprise.inject.spi.CDI.findAllProviders(CDI.java:109)
	at javax.enterprise.inject.spi.CDI.current(CDI.java:53)
	at org.jboss.as.test.integration.ee.injection.support.jpa.beanManager.TestEntityListener.obtainFooViaCdiCurrent(TestEntityListener.java:97)

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. WFLY-10125 EntityListenerBeanManagerInjectionTestCase fails with security manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              asabotdu@redhat.com Antoine Sabot-Durand (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: