Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-9386

Several tests need FilePermission for standalone/tmp/auth to pass with security manager

    Details

    • Steps to Reproduce:
      Hide

      cd wildfly/testsuite/integration/basic
      mvn clean test -Dtest=EEConcurrencySuspendTestCase -Dsecurity.manager

      Show
      cd wildfly/testsuite/integration/basic mvn clean test -Dtest=EEConcurrencySuspendTestCase -Dsecurity.manager

      Description

      EEConcurrencySuspendTestCase fails with security manager because of missing permission "("java.io.FilePermission" "/home/okotek/git/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local6548003668083005195.challenge" "read")" in code source "(vfs:/content/ee-suspend.war/WEB-INF/classes <no signer certificates>)":

      java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
      	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
      	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
      	at org.jboss.as.test.integration.ee.suspend.EEConcurrencySuspendTestCase.testRequestInShutdown(EEConcurrencySuspendTestCase.java:125)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
      	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
      	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
      	at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379)
      	at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
      	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
      	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
      	at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
      	at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
      	at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
      	at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372)
      	at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246)
      	at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
      	at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
      	at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260)
      	at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324)
      	at org.jboss.arquillian.container.test.impl.execution.BeforeLifecycleEventExecuter.on(BeforeLifecycleEventExecuter.java:35)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
      	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
      	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
      	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
      	at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
      	at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317)
      	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
      	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
      	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
      	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
      	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
      	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
      	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
      	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
      	at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205)
      	at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
      	at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
      	at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219)
      	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
      	at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167)
      	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
      	at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
      	at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66)
      	at org.jboss.arquillian.protocol.jmx.JMXTestRunner.doRunTestMethod(JMXTestRunner.java:180)
      	at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.doRunTestMethod(ArquillianService.java:200)
      	at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethodInternal(JMXTestRunner.java:162)
      	at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethod(JMXTestRunner.java:141)
      	at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.runTestMethod(ArquillianService.java:176)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275)
      	at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112)
      	at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46)
      	at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237)
      	at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138)
      	at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252)
      	at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
      	at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
      	at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.invoke(PluggableMBeanServerImpl.java:1475)
      	at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:724)
      	at org.jboss.as.jmx.BlockingNotificationMBeanServer.invoke(BlockingNotificationMBeanServer.java:168)
      	at org.jboss.as.jmx.AuthorizingMBeanServer.invoke(AuthorizingMBeanServer.java:258)
      	at org.jboss.remotingjmx.protocol.v2.ServerProxy$InvokeHandler.handle(ServerProxy.java:950)
      	at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1$1.run(ServerCommon.java:153)
      	at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:71)
      	at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:66)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287)
      	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
      	at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor.handleEvent(ServerInterceptorFactory.java:66)
      	at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1.run(ServerCommon.java:149)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
      	at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:128)
      	at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
      	at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
      	at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:162)
      	at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146)
      	at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60)
      	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
      	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
      	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
      	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
      	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
      	... 147 more
      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
         JBOSS-LOCAL-USER: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/okotek/git/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local6548003668083005195.challenge" "read")" in code source "(vfs:/content/ee-suspend.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ee-suspend.war" from Service Module Loader")
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446)
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
      	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      	at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
      	at ...asynchronous invocation...(Unknown Source)
      	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)
      	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:532)
      	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:520)
      	at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:204)
      	at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:120)
      	... 157 more
      	Suppressed: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/okotek/git/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local6548003668083005195.challenge" "read")" in code source "(vfs:/content/ee-suspend.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ee-suspend.war" from Service Module Loader")
      		at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
      		at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
      		at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
      		at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
      		at java.io.FileInputStream.<init>(FileInputStream.java:127)
      		at org.wildfly.security.sasl.localuser.LocalUserClient.evaluateMessage(LocalUserClient.java:93)
      		at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
      		at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:59)
      		at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
      		at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
      		at java.security.AccessController.doPrivileged(Native Method)
      		at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
      		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650)
      		at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
      		... 3 more
      

      Adding the permission helps. Like in JBEAP-12975.

      There are other such tests:

      • org.jboss.as.test.integration.jca.capacitypolicies.DatasourceCapacityPoliciesTestCase#testNonDefaultDecrementerAndIncrementer
      • org.jboss.as.test.integration.jca.capacitypolicies.ResourceAdapterCapacityPoliciesTestCase#testNonDefaultDecrementerAndIncrementer
      • org.jboss.as.test.integration.jca.capacitypolicies.XADatasourceCapacityPoliciesTestCase#testNonDefaultDecrementerAndIncrementer

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  treblereel Dmitrii Tikhomirov
                  Reporter:
                  okotek Ondrej Kotek
                  Tester:
                  Ondrej Kotek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: