Details
Description
If you enable security-manager (start RHPAM with standalone-secure.sh) and build a kjar with 10+ rules, you will hit AccessControlException.
18:52:19,327 ERROR [org.kie.workbench.common.services.backend.builder.core.Builder] (EJB default - 3) WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null"): java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "null" of "null")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:308)
at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274)
at java.lang.ClassLoader.<init>(ClassLoader.java:316)
at org.drools.core.base.ClassFieldAccessorCache$DefaultByteArrayClassLoader.<init>(ClassFieldAccessorCache.java:250)
at org.drools.core.base.ClassFieldAccessorCache$CacheEntry.<init>(ClassFieldAccessorCache.java:167)
at org.drools.core.base.ClassFieldAccessorCache.getCacheEntry(ClassFieldAccessorCache.java:145)
at org.drools.core.base.ClassFieldAccessorCache.getClassObjectType(ClassFieldAccessorCache.java:50)
at org.drools.core.base.ClassFieldAccessorStore.lambda$getClassObjectType$2(ClassFieldAccessorStore.java:206)
at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660)
at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:205)
at org.drools.core.base.ClassFieldAccessorStore.getClassObjectType(ClassFieldAccessorStore.java:193)
at org.drools.compiler.rule.builder.PatternBuilder.buildPattern(PatternBuilder.java:271)
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:180)
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:151)
at org.drools.compiler.rule.builder.PatternBuilder.build(PatternBuilder.java:133)
at org.drools.compiler.rule.builder.GroupElementBuilder.build(GroupElementBuilder.java:66)
at org.drools.compiler.rule.builder.RuleBuilder.build(RuleBuilder.java:105)
at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.addRule(KnowledgeBuilderImpl.java:1281)
at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.lambda$compileRulesLevel$3(KnowledgeBuilderImpl.java:1242)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:291)
at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
This is caused by default ForkJoinPool which has no Permissions enabled:
https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ForkJoinPool.html
Multithread rule build is triggered when rules are more than parallelRulesBuildThreshold (default = 10)
Attachments
Issue Links
- clones
-
RHDM-645 "java.security.AccessControlException: WFSM000001: Permission check failed" when enabled security-manager
-
- Closed
-
- is cloned by
-
-
- Closed
-
