Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
1.0.0.Beta12
-
None
-
None
Description
When running the JBossWS testsuite [1] against WFLY master with security manager enabled I'm getting an unexpected exception on Hudson runs:
09:40:28,524 ERROR [io.undertow.request] (default task-14) Servlet request failed HttpServerExchange{ POST /jaxws-cxf-jbws3060-jse/ServiceTwo/EndpointTwo}: java.security.AccessControlException: WFSM000001: Permission check failed for ("java.lang.RuntimePermission" "MODIFY_UNDERTOW_SECURITY_CONTEXT")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:221)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:130)
at io.undertow.security.impl.SecurityContextImpl.<init>(SecurityContextImpl.java:83) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:65) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:207) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:194) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:72) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:128) [undertow-servlet-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.server.HttpHandlers.executeRootHandler(HttpHandlers.java:36) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:614) [undertow-core-1.0.0.Beta12.jar:1.0.0.Beta12]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_15]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_15]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_15]
The failing tests changes among different runs and I can't reproduce the issue locally (I suspect something related to test execution order).
In any case, as per Stuart's comment on IRC, the code in the stacktrace above should always be passing the permission check, regardless of the permissions granted to deployments.
[1] http://jbossws.jboss.org:8180/hudson/job/CXF-CORE-AS-8.0.0-SECMGR/2/
