0 Replies Latest reply on May 22, 2017 10:02 AM by adrian.boangiu

    Permission check failed with Groovy and Security Manager

    adrian.boangiu

      Hello,

       

      Our application developed using Oracle ADF is deployed as several wars and Wildfly 10.1 has security activated. The minimum set of permissions in standalone.xml file contains several permissions required by at least 2 of the wars. Among them there is the following:

       

      <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
         <deployment-permissions>
           <minimum-set>
             …
             <permission class="java.lang.RuntimePermission" name="accessClassInPackage.*" />
             …
           </minimum-set>
           <maximum-set>
             <permission class="java.security.AllPermission"/>
           </maximum-set>
         </deployment-permissions>
      </subsystem>

       

      The permissions.xml file of one particular war that is using ADF code (and thus Groovy) contains the following entries (required by Groovy):

       

         <permission>
           <class-name>groovy.security.GroovyCodeSourcePermission</class-name>
           <name>/groovy/shell</name>
           <actions>read</actions>
         </permission>

         <!--==========================================================================================-->
         <!--java.io.FilePermission-->

         <permission>
           <class-name>java.io.FilePermission</class-name>
           <name>/groovy/shell</name>
           <actions>read</actions>
         </permission>

      However, when running the application, I get a failed security check:

      11:17:20,395 DEBUG [org.wildfly.security.access] (default task-114)  Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")" in code source "(null <no signer certificates>)" of "org.codehaus.groovy.reflection.SunClassLoader@4c999ec0")

      Why?

       

      The class org.codehaus.groovy.reflection.SunClassLoader.class is inside a jar groovy-all-2.1.6.jar that can be found in the WEB-INF\lib folder of the particular war.

       

      Giving all permissions to this jar (via a jboss-permissions.xml file) does not solve the issue.

       

      Any idea how we can solve the issue?

       

      Thank you
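
A triage helper for the `org.wildfly.security.access` DEBUG lines shown in the post, as an added example that is not part of the original post or of WildFly. It extracts the denied permission, the code source and the class loader from each line; the literal `null` in `(null <no signer certificates>)` is how `java.security.CodeSource.toString()` prints a missing location. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# First line is the one quoted in the post; the other two are constructed samples.
SAMPLE_LOG = '''\
11:17:20,395 DEBUG [org.wildfly.security.access] (default task-114)  Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")" in code source "(null <no signer certificates>)" of "org.codehaus.groovy.reflection.SunClassLoader@4c999ec0")
11:17:21,002 DEBUG [org.wildfly.security.access] (default task-114)  Permission check failed (permission "("java.io.FilePermission" "/tmp/example.txt" "read")" in code source "(vfs:/content/example.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.example.war" from Service Module Loader")
11:17:21,450 INFO  [org.jboss.as] (Controller Boot Thread) unrelated constructed line
'''

# Permission is printed as ("class" "name") or ("class" "name" "actions").
# The loader text may itself contain quotes, so it is matched greedily to end of line.
FAILED = re.compile(
    r'Permission check failed \(permission "\("(?P<cls>[^"]+)" "(?P<name>[^"]*)"'
    r'(?: "(?P<actions>[^"]*)")?\)" in code source "\((?P<location>\S+) [^"]*\)"'
    r' of "(?P<loader>.+)"\)\s*$'
)

def parse_failure(line):
    """Return a dict describing one failed check, or None for other log lines."""
    m = FAILED.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # A printed "null" means the CodeSource has no location URL at all.
    rec["location"] = None if rec["location"] == "null" else rec["location"]
    # Drop the identity hash so repeated failures from one loader type group together.
    rec["loader"] = re.sub(r"@[0-9a-f]+$", "", rec["loader"])
    return rec

def triage(text):
    """Count distinct (permission, code source, loader) denials in a log excerpt."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_failure(line)
        if rec:
            counts[(rec["cls"], rec["name"], rec["actions"], rec["location"], rec["loader"])] += 1
    return counts

if __name__ == "__main__":
    for (cls, name, actions, location, loader), n in triage(SAMPLE_LOG).items():
        where = location or "no code source location (not attributable to a jar or deployment URL)"
        print(f"{n}x {cls} {name!r} actions={actions!r} loader={loader} -> {where}")
```

Run over a full server log, the grouped output separates denials that carry a deployment or jar location from those, like the one in the post, whose protection domain has none.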