Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-2496

org.jboss.weld.literal.BeforeDestroyedLiteral may fail to initialize with a security manager

    Details

      Description

      The class org.jboss.weld.literal.BeforeDestroyedLiteral has an implicit class initializer which calls it static of method, which in turn calls the class constructor, which in turn calls the implicit superclass constructor javax.enterprise.util.AnnotationLiteral#AnnotationLiteral, which in turn calls javax.enterprise.util.AnnotationLiteral#getMembers which requires special security manager permissions since it uses the reflection API to get declared members.

      A class static initialization may be performed from any context. If it performs operations which require special privileges, then the static initialization steps must be enclosed in a AccessController#doPrivileged call.

      One example failure within the WildFly test suite has the following stack trace:

      Breakpoint reached
      	  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
      	  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
      	  at java.lang.Class.checkMemberAccess(Class.java:2348)
      	  at java.lang.Class.getDeclaredMethods(Class.java:1974)
      	  at javax.enterprise.util.AnnotationLiteral.getMembers(AnnotationLiteral.java:78)
      	  at javax.enterprise.util.AnnotationLiteral.<init>(AnnotationLiteral.java:69)
      	  at org.jboss.weld.literal.BeforeDestroyedLiteral.<init>(BeforeDestroyedLiteral.java:50)
      	  at org.jboss.weld.literal.BeforeDestroyedLiteral.of(BeforeDestroyedLiteral.java:47)
      	  at org.jboss.weld.literal.BeforeDestroyedLiteral.<clinit>(BeforeDestroyedLiteral.java:34)
      	  at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor$2.computeValue(AbstractEJBRequestScopeActivationInterceptor.java:58)
      	  at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor$2.computeValue(AbstractEJBRequestScopeActivationInterceptor.java:54)
      	  at org.jboss.weld.util.LazyValueHolder.get(LazyValueHolder.java:46)
      	  at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:83)
      	  at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponentDescription$5$1.processInvocation(MessageDrivenComponentDescription.java:243)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
      	  at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:619)
      	  at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
      	  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
      	  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
      	  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
      	  at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
      	  at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
      	  at org.jboss.as.test.integration.ee.injection.resource.enventry.TestEnvEntryMDBean$$$view1.onMessage(Unknown Source:-1)
      	  at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
      	  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	  at java.lang.reflect.Method.invoke(Method.java:498)
      	  at org.jboss.as.ejb3.inflow.MessageEndpointInvocationHandler.doInvoke(MessageEndpointInvocationHandler.java:139)
      	  at org.jboss.as.ejb3.inflow.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:73)
      	  at org.jboss.as.test.integration.ee.injection.resource.enventry.TestEnvEntryMDBean$$$endpoint1.onMessage(Unknown Source:-1)
      	  at org.apache.activemq.artemis.ra.inflow.ActiveMQMessageHandler.onMessage(ActiveMQMessageHandler.java:303)
      	  at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.callOnMessage(ClientConsumerImpl.java:1001)
      	  at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.access$400(ClientConsumerImpl.java:49)
      	  at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl$Runner.run(ClientConsumerImpl.java:1124)
      	  at org.apache.activemq.artemis.utils.OrderedExecutorFactory$OrderedExecutor$ExecutorTask.run(OrderedExecutorFactory.java:122)
      	  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	  at java.lang.Thread.run(Thread.java:748)
      Perm = ("java.lang.RuntimePermission" "accessDeclaredMembers"), CS = (vfs:/content/env-entry-test.jar <no signer certificates>), CL = ModuleClassLoader for Module "deployment.env-entry-test.jar" from Service Module Loader, ID = 34549a6d
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  manovotn Matěj Novotný
                  Reporter:
                  dmlloyd David Lloyd
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: