3 Replies Latest reply on Nov 11, 2016 4:52 PM by eshevchenko

    Wildfly security - module - permisssions

    eshevchenko

      Hello! I need an advice!

      I have a goal: Upload jar and be able to run class implementations for particular interface. I would like to specify a permission set, which is allowable for uploaded jar. But I have my own implementation in classpath, and I wouldn't like to make any restrictions for my implementation.

      My design:

      I have Wildfly with enabled security.

      I have web app which has endpoint for uploading jar. Let me call it "my-app". In this war I have permissions.xml(according javaee7) with granting AllPermission

      I have wildfly module which can find(via SPI) new implementations(by URL) for particular interface(Let me call it "SomeInterface"). I have restricted permission set for this module. Let me call this module "my-runner".

      I have wildfly module with my implementation for "SomeInterface". I have granted AllPermission for this module. Let me call it "my-impl"

      Also I have a dependency in "my-runner" module to "my-impl"module.

       

      So, one more time, I have an endpoint in my-app which will lookup particular class via JNDI from "my-runner" module, where I want to run SomeInterface's implementations with restricted permission set except "my-impl" implementation.

       

      Unfortunately, "my-impl" has the the same restrictions as "my-runner" module.

       

      I will be appreciate for any comments.