-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
5.4.0.Final
-
None
We are using drools to create a RuleEngine. The rules are specified using Excel sheet and are getting compiled properly. But when the rules are executed, the dynamically generated Java-classes are giving the following security exception:
Stack trace:
Detail: Exception executing consequence for rule "FSA_Unmapped_Line" in spike.rules: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at org.drools.runtime.rule.impl.DefaultConsequenceExceptionHandler.handleException(DefaultConsequenceExceptionHandler.java:39)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1283)
at org.drools.common.DefaultAgenda.fireNextItem(DefaultAgenda.java:1209)
at org.drools.common.DefaultAgenda.fireAllRules(DefaultAgenda.java:1442)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:710)
at org.drools.common.AbstractWorkingMemory.fireAllRules(AbstractWorkingMemory.java:674)
at com.xxx.yyy.process(RulesEngine.java:50)
at com.xxx.yyy.performBaselineProcessing(AbstractRuleSource.java:366)
at com.xxx.yyy.RuleSource$RuleProcess.run(RuleSource.java:81)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.xxx.yyy.LocalSecurityManager.checkPermission(LocalSecurityManager.java:37)
at java.lang.ClassLoader.getParent(ClassLoader.java:1257)
at org.drools.rule.JavaDialectRuntimeData$PackageClassLoader.loadClass(JavaDialectRuntimeData.java:583)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.defaultConsequence(Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032.java:7)
at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvokerGenerated.evaluate(Unknown Source)
at spike.rules.Rule_FSA_Unmapped_Line_d3888b5292c7457598c050ce9919d032DefaultConsequenceInvoker.evaluate(Unknown Source)
at org.drools.common.DefaultAgenda.fireActivation(DefaultAgenda.java:1273)
... 10 more
We are having a SecurityManager installed to manage the permissions. Please note that with drools-5.3.1, the RuleEngine was working fine and the issue started coming as soon as we migrated to version 5.4. We have tried to use JANINO java compiler, but that does not resolve the problem. Granting RuntimePermission to get/create ClassLoader is not an option as it will leave security loophole and we cannot do this.
Kindly fix this issue in drools-5.4 and let us know an ETA for the patch.