Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12913

Incorrect doPrivileged usage causes AccessControlException (FilePermission) in Elytron's ServiceLoaderSupplier

    XMLWordPrintable

Details

    Description

      When application server is running with Security Manager then using Elytron API (ElytronXmlParser.parseAuthenticationClientConfiguration()) from deployment leads to AccessControlException. The ServiceLoaderSupplier incorrectly uses doPrivileged, so the FilePermission check during accessing Elytron JAR fails.

      Workaround could be adding this FilePermission to each such deployment, but this is neither safe nor practical as the JAR name and location can change (e.g. version upgrade with patches applied).

      It seems the problem is caused by passing AccessControlContext as second parameter of doPrivileged method [1]. ServiceLoaderSupplier does not require this permission when second paramater is removed from doPrivileged method. This privileged block has been added as fix of JBEAP-12111 - doPrivileged call has been added into org.wildfly.security.util.ServiceLoaderSupplier.

      For example this is stacktrace for calling ElytronXmlParser.parseAuthenticationClientConfiguration method from Servlet in war application:

      java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/user/jboss-eap-7.1/modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-1.1.1.Final-redhat-1.jar" "read")" in code source "(vfs:/content/wildfly-config-xml-dep.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.wildfly-config-xml-dep.war" from Service Module Loader")
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
        at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
        at sun.net.www.protocol.jar.JarFileFactory.getCachedJarFile(JarFileFactory.java:137)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:81)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
        at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
        at java.net.URL.openStream(URL.java:1038)
        at java.util.ServiceLoader.parse(ServiceLoader.java:304)
        at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
        at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
        at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
        at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
        at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
        at org.wildfly.security.util.ServiceLoaderSupplier.loadServices(ServiceLoaderSupplier.java:73)
        at org.wildfly.security.util.ServiceLoaderSupplier.lambda$get$0(ServiceLoaderSupplier.java:58)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.wildfly.security.util.ServiceLoaderSupplier.get(ServiceLoaderSupplier.java:58)
        at org.wildfly.security.util.ServiceLoaderSupplier.get(ServiceLoaderSupplier.java:39)
        at org.wildfly.security.auth.client.ElytronXmlParser$DeferredSupplier.get(ElytronXmlParser.java:2433)
        at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:115)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseClearPassword$40(ElytronXmlParser.java:2001)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$27(ElytronXmlParser.java:918)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$23(ElytronXmlParser.java:895)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$33(ElytronXmlParser.java:953)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$18(ElytronXmlParser.java:691)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$23(ElytronXmlParser.java:895)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$23(ElytronXmlParser.java:895)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$22(ElytronXmlParser.java:739)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$7(ElytronXmlParser.java:575)
        at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$8(ElytronXmlParser.java:599)
        at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:299)
        at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:176)
        at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:137)
    ...

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/8c033958d78fcb1c4756a7d6c878855b0c099bbe/src/main/java/org/wildfly/security/util/ServiceLoaderSupplier.java#L58

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1349 Incorrect doPrivileged usage causes AccessControlException (FilePermission) in Elytron's ServiceLoaderSupplier

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is related to

          Tracker - Issue tracking a bug fix or improvement in another component JBEAP-971 Fix issues in tests with Security Manager

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: