Details
-
Bug
-
Resolution: Done
-
Major
-
7.0.0.GA
-
- security-manager enabled
Description
If you enable security-manager (start RHDM with standalone-secure.sh) and build a kjar with 10+ rules, you will hit AccessControlException.
18:52:19,327 ERROR [org.kie.workbench.common.services.backend.builder.core.Builder] (EJB default - 3) WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null"): java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611) at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:308) at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274) at java.lang.ClassLoader.<init>(ClassLoader.java:316) at org.drools.core.base.ClassFieldAccessorCache$DefaultByteArrayClassLoader.<init>(ClassFieldAccessorCache.java:250) at org.drools.core.base.ClassFieldAccessorCache$CacheEntry.<init>(ClassFieldAccessorCache.java:167) at org.drools.core.base.ClassFieldAccessorCache.getCacheEntry(ClassFieldAccessorCache.java:145) at org.drools.core.base.ClassFieldAccessorCache.getClassObjectType(ClassFieldAccessorCache.java:50) at org.drools.core.base.ClassFieldAccessorStore.lambda$getClassObjectType$2(ClassFieldAccessorStore.java:206) at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660) at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:205) at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:193) at org.drools.compiler.rule.builder.PatternBuilder.buildPattern(PatternBuilder.java:271) at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:180) at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:151) at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:133) at org.drools.compiler.rule.builder.GroupElementBuilder.build(GroupElementBuilder.java:66) at org.drools.compiler.rule.builder.RuleBuilder.build(RuleBuilder.java:105) at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.addRule(KnowledgeBuilderImpl.java:1281) at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.lambda$compileRulesLevel$3(KnowledgeBuilderImpl.java:1242) at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184) at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:291) at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731) at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
This is caused by default ForkJoinPool which has no Permissions enabled:
https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ForkJoinPool.html
Multithread rule build is triggered when rules are more than PARALLEL_RULES_BUILD_THRESHOLD = 10 (hard-coded in 7.5.x)
Attachments
Issue Links
- causes
-
DROOLS-3535 Out of Memory Error when creating KieSession
- Closed
- is cloned by
-
RHDM-646 [GSS] (7.0.z) "java.security.AccessControlException: WFSM000001: Permission check failed" when enabled security-manager
- Closed
-
RHPAM-1266 "java.security.AccessControlException: WFSM000001: Permission check failed" when enabled security-manager
- Closed