Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-4880

Permission names are not persisted in the domain model

    XMLWordPrintable

Details

    • Hide 
      # run the server
./standalone.sh

# add 2 permission nodes to domain model with the same permission settings:
./jboss-cli.sh -c << EOT
/subsystem=security-manager/deployment-permissions=default/maximum-set=default/permission=test1:add(class=java.io.FilePermission, name="/-", actions=read)
/subsystem=security-manager/deployment-permissions=default/maximum-set=default/permission=test2:add(class=java.io.FilePermission, name="/-", actions=read)
reload
EOT

      The reload fails with:

      14:34:38,100 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 2) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "security-manager"),
    ("deployment-permissions" => "default"),
    ("maximum-set" => "default"),
    ("permission" => "java.io.FilePermission|/-|read")
]) - failure description: "WFLYCTL0212: Duplicate resource [
    (\"subsystem\" => \"security-manager\"),
    (\"deployment-permissions\" => \"default\"),
    (\"maximum-set\" => \"default\"),
    (\"permission\" => \"java.io.FilePermission|/-|read\")
]"
14:34:38,109 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem security-manager boot operations"
14:34:38,110 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem security-manager boot operations\""
14:34:38,114 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
      Show
      # run the server ./standalone.sh # add 2 permission nodes to domain model with the same permission settings: ./jboss-cli.sh -c << EOT /subsystem=security-manager/deployment-permissions= default /maximum-set= default /permission=test1:add(class=java.io.FilePermission, name= "/-" , actions=read) /subsystem=security-manager/deployment-permissions= default /maximum-set= default /permission=test2:add(class=java.io.FilePermission, name= "/-" , actions=read) reload EOT The reload fails with: 14:34:38,100 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 2) WFLYCTL0013: Operation ( "add" ) failed - address: ([ ( "subsystem" => "security-manager" ), ( "deployment-permissions" => " default " ), ( "maximum-set" => " default " ), ( "permission" => "java.io.FilePermission|/-|read" ) ]) - failure description: "WFLYCTL0212: Duplicate resource [ (\ "subsystem\" => \ "security-manager\" ), (\ "deployment-permissions\" => \ " default \" ), (\ "maximum-set\" => \ " default \" ), (\ "permission\" => \ "java.io.FilePermission|/-|read\" ) ]" 14:34:38,109 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread ) "WFLYCTL0193: Failed executing subsystem security-manager boot operations" 14:34:38,110 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread ) WFLYCTL0013: Operation ( "parallel-subsystem-boot" ) failed - address: ([]) - failure description: "\" WFLYCTL0193: Failed executing subsystem security-manager boot operations\"" 14:34:38,114 FATAL [org.jboss.as.server] (Controller Boot Thread ) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.

    Description

      Permission names used in the security-manager subsystem model are not persisted. It can simply lead to non-bootable server configuration.

      Expected behavior:
      The names used for permission model nodes are persisted in the model (e.g. in an alias attribute).

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-407 Permission names are not persisted in the domain model

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. WFLY-4898 Change in permissions is not visible until server reload

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              kkhan1@redhat.com Kabir Khan
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: