0 Replies Latest reply on Jul 14, 2017 2:34 AM by adityan

    Unable to deploy application when Java Security Manager is enabled on JBoss 6.x EAP

    adityan
    adityan Jul 14, 2017 2:34 AM

      I have deployed my application on JBoss 6.x EAP. After enabling security manager, deployment fails with following exception.

       

      Caused by: java.security.AccessControlException: access denied ("org.jboss.vfs.VirtualFilePermission" "/E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/WEB-INF/lib/spring-web-4.1.9.RELEASE.jar/org/springframework/web/context/ContextLoader.properties" "read")

              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [rt.jar:1.8.0_101]

              at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_101]

              at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_101]

              at org.jboss.vfs.VirtualFile.openStream(VirtualFile.java:248) [jboss-vfs-3.2.9.Final-redhat-1.jar:3.2.9.Final-redhat-1]

              at org.jboss.as.server.deployment.module.VFSResourceLoader$VFSEntryResource.openStream(VFSResourceLoader.java:329)

              at org.jboss.modules.Module.getResourceAsStream(Module.java:637) [jboss-modules.jar:1.3.6.Final-redhat-1]

              at org.jboss.modules.ModuleClassLoader.findResourceAsStream(ModuleClassLoader.java:587) [jboss-modules.jar:1.3.6.Final-redhat-1]

              at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:362) [jboss-modules.jar:1.3.6.Final-redhat-1]

              at java.lang.Class.getResourceAsStream(Class.java:2223) [rt.jar:1.8.0_101]

              at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:163) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]

              at org.springframework.core.io.support.PropertiesLoaderUtils.fillProperties(PropertiesLoaderUtils.java:132) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]

              at org.springframework.core.io.support.PropertiesLoaderUtils.loadProperties(PropertiesLoaderUtils.java:121) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]

              at org.springframework.web.context.ContextLoader.<clinit>(ContextLoader.java:176) [spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]

       

       

      I have followed steps mentioned in security guide:

      https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Security_Guide/Run_JBoss_Enterprise_Application_Platform_Within_the_Java_Security_Manager.html

       

      I have attached standalone.conf.bat and server.policy file for reference.

       

      Please let me know if I have missed any steps or is it server issue.

       

      Thanks in advance..