Details

      Description

      When deployment in container with security manager enabled try to use CDI.current() call, CDI class directly access JAR of CDI provider, because of which security manager requires from the deployment to have permission to read the JAR.

      CDI.findAllProviders method should read the JAR in privileged block.

      (as discussed in WFLY-10125)

      java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-integ-rhel-secman/1cfa62fc/jboss-eap-7.2/modules/system/layers/base/org/jboss/as/weld/main/wildfly-weld-7.2.0.CD12-redhat-2.jar" "read")" in code source "(vfs:/content/test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test.war" from Service Module Loader")
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
      	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
      	at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137)
      	at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
      	at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
      	at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
      	at java.net.URL.openStream(URL.java:1045)
      	at javax.enterprise.inject.spi.CDI.findAllProviders(CDI.java:109)
      	at javax.enterprise.inject.spi.CDI.current(CDI.java:53)
      	at org.jboss.as.test.integration.ee.injection.support.jpa.beanManager.TestEntityListener.obtainFooViaCdiCurrent(TestEntityListener.java:97)
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  antoinesabot-durand Antoine Sabot-Durand
                  Reporter:
                  honza889 Jan Kalina
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: