Uploaded image for project: 'JBRULES'
  1. JBRULES
  2. JBRULES-3540

.AccessControlException occurs when Rules are executed with drools-5.4

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 5.4.0.Final
    • drools-core
    • None

      We are using drools to create a RuleEngine. The rules are specified using Excel sheet and are getting compiled properly. But when the rules are executed, the dynamically generated Java-classes are giving the following security exception:

      Stack trace:
      Detail: Exception executing consequence for rule "FSA_Unmapped_Line" in spike.rules: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
      at org.drools.runtime.rule.impl.DefaultConsequenceExceptionHandler.handleException(DefaultConsequenceExceptionHandler.java:39)
      at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1283)
      at org.drools.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1209)
      at org.drools.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1442)
      at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:710)
      at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:674)
      at com.xxx.yyy.process(RulesEngine.java:50)
      at com.xxx.yyy.performBaselineProcessing(AbstractRuleSource.java:366)
      at com.xxx.yyy.RuleSource$RuleProcess.run(RuleSource.java:81)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
      at java.security.AccessController.checkPermission(AccessController.java:546)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at com.xxx.yyy.LocalSecurityManager.checkPermission(LocalSecurityManager.java:37)
      at java.lang.ClassLoader.getParent(ClassLoader.java:1257)
      at org.drools.rule.JavaDialectRuntimeData$PackageClassLoader.loadClass(JavaDialectRuntimeData.java:583)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
      at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.defaultConsequence(Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.java:7)
      at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
      at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvoker.evaluate(Unknown Source)
      at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1273)
      ... 10 more

      We are having a SecurityManager installed to manage the permissions. Please note that with drools-5.3.1, the RuleEngine was working fine and the issue started coming as soon as we migrated to version 5.4. We have tried to use JANINO java compiler, but that does not resolve the problem. Granting RuntimePermission to get/create ClassLoader is not an option as it will leave security loophole and we cannot do this.

      Kindly fix this issue in drools-5.4 and let us know an ETA for the patch.

            mproctor@redhat.com Mark Proctor
            a.srivastava Abhishek Srivastava (Inactive)
            Archiver:
            rhn-support-ceverson Clark Everson

              Created:
              Updated:
              Archived: