Description
Adding new Elytron policy fails if it was previously added and then removed and server is unsecured. Next adding fails [1] and with exception [2] in server.log.
[1]
[standalone@localhost:9990 /] /subsystem=elytron/policy=jacc:add(jacc-policy=[{name => jacc}])
{
"outcome" => "failed",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
},
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy@502d9a84]
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}},
"rolled-back" => true
}
[2]
2017-06-29 11:08:35,700 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.policy: org.jboss.msc.service.StartException in service org.wildfly.security.policy: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy@502d9a84]
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:177)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
... 3 more
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection
at org.wildfly.security.authz.jacc.JaccDelegatingPolicy$1.add(JaccDelegatingPolicy.java:126)
at java.security.Policy.addStaticPerms(Policy.java:686)
at java.security.Policy.getPermissions(Policy.java:673)
at org.jboss.security.jacc.DelegatingPolicy.getPermissions(DelegatingPolicy.java:125)
at java.security.Policy.initPolicy(Policy.java:327)
at java.security.Policy.setPolicy(Policy.java:270)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.lambda$setPolicyAction$0(PolicyDefinitions.java:201)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.setPolicy(PolicyDefinitions.java:195)
at org.wildfly.extension.elytron.PolicyDefinitions$1$1.start(PolicyDefinitions.java:173)
... 5 more
2017-06-29 11:08:35,701 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("policy" => "jacc")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.policy" => "Failed to start service
Caused by: java.lang.RuntimeException: Failed to set policy [org.wildfly.security.authz.jacc.JaccDelegatingPolicy@502d9a84]
Caused by: java.lang.SecurityException: ELY03018: Cannot add permissions to a read-only permission collection"}}
Attachments
Issue Links
- is cloned by
-
WFCORE-3042 It is not possible to add new Elytron policy after adding and removing it first
-
- Resolved
-
- relates to
-
-
- Closed
-
