-
Type:
Bug
-
Status: Verified (View Workflow)
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: 7.0.0.GA
-
Fix Version/s: 7.1.0.GA
-
Component/s: BRE
-
Labels:
-
Environment:
- security-manager enabled
-
Target Release:
-
Fix Build:CR1
-
Steps to Reproduce:
-
Git Pull Request:
If you enable security-manager (start RHDM with standalone-secure.sh) and build a kjar with 10+ rules, you will hit AccessControlException.
18:52:19,327 ERROR [org.kie.workbench.common.services.backend.builder.core.Builder] (EJB default - 3) WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null"): java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null")
|
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
|
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
|
at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
|
at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:308)
|
at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274)
|
at java.lang.ClassLoader.<init>(ClassLoader.java:316)
|
at org.drools.core.base.ClassFieldAccessorCache$DefaultByteArrayClassLoader.<init>(ClassFieldAccessorCache.java:250)
|
at org.drools.core.base.ClassFieldAccessorCache$CacheEntry.<init>(ClassFieldAccessorCache.java:167)
|
at org.drools.core.base.ClassFieldAccessorCache.getCacheEntry(ClassFieldAccessorCache.java:145)
|
at org.drools.core.base.ClassFieldAccessorCache.getClassObjectType(ClassFieldAccessorCache.java:50)
|
at org.drools.core.base.ClassFieldAccessorStore.lambda$getClassObjectType$2(ClassFieldAccessorStore.java:206)
|
at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660)
|
at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:205)
|
at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:193)
|
at org.drools.compiler.rule.builder.PatternBuilder.buildPattern(PatternBuilder.java:271)
|
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:180)
|
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:151)
|
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:133)
|
at org.drools.compiler.rule.builder.GroupElementBuilder.build(GroupElementBuilder.java:66)
|
at org.drools.compiler.rule.builder.RuleBuilder.build(RuleBuilder.java:105)
|
at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.addRule(KnowledgeBuilderImpl.java:1281)
|
at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.lambda$compileRulesLevel$3(KnowledgeBuilderImpl.java:1242)
|
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
|
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
|
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
|
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
|
at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:291)
|
at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731)
|
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
|
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
|
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
|
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
|
This is caused by default ForkJoinPool which has no Permissions enabled:
https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ForkJoinPool.html
Multithread rule build is triggered when rules are more than PARALLEL_RULES_BUILD_THRESHOLD = 10 (hard-coded in 7.5.x)
- cloned to
-
-
- Closed
-
-
-
- Verified
-
