-
1. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Jul 31, 2017 1:52 AM (in response to gipathak)Can you past your standalone.xml security manager configuration?
There should be defined minimum-set to be applied to deployment. maximum-set is just upper limit deployment should not come over.
You can alternatively configure permission in myapp.war/META-INF/permissions.xml
-
2. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 3, 2017 3:05 PM (in response to mchoma)Martin , below is my standalone.xml with minimum-set of permissions, can you please suggest me the solution for this problem ?
<minimum-set> <permission class="java.lang.RuntimePermission" name="getClassLoader"/> <permission class="java.util.PropertyPermission" name="com.sun.jersey.core.util.ReaderWriter.BufferSize" actions="read"/> <permission class="java.lang.reflect.ReflectPermission" name="suppressAccessChecks"/> <permission class="java.io.FilePermission" name="<<ALL FILES>>" actions="read,write,delete,execute"/> <permission class="java.lang.RuntimePermission" name="accessDeclaredMembers"/> <permission class="java.util.PropertyPermission" name="hibernate.enable_specj_proprietary_syntax" actions="read"/> <permission class="java.lang.RuntimePermission" name="getProtectionDomain"/> <permission class="java.net.SocketPermission" name="*" actions="connect,listen,resolve"/> <permission class="java.util.PropertyPermission" name="org.postgresql.forceBinary" actions="read"/> <permission class="java.lang.RuntimePermission" name="getenv.NetworkType"/> <permission class="java.lang.RuntimePermission" name="shutdownHooks"/> <permission class="javax.management.MBeanPermission" name="*" actions="queryNames"/> <permission class="javax.management.MBeanServerPermission" name="*"/> <permission class="javax.management.MBeanPermission" name="*" actions="registerMBean"/> <permission class="javax.management.MBeanPermission" name="*" actions="unregisterMBean"/> <permission class="javax.management.MBeanTrustPermission" name="*"/> <permission class="java.util.PropertyPermission" name="*" actions="read,write"/> <permission class="java.security.SecurityPermission" name="putProviderProperty.SunJCE"/> <permission class="java.lang.RuntimePermission" name="accessClassInPackage.sun.reflect"/> <permission class="java.lang.RuntimePermission" name="createClassLoader"/> <permission class="java.lang.RuntimePermission" name="setContextClassLoader"/> <permission class="java.net.NetPermission" name="specifyStreamHandler"/> <permission class="java.lang.RuntimePermission" name="createSecurityManager"/> <permission class="java.lang.RuntimePermission" name="getenv.DeploymentMode"/> <permission class="java.lang.RuntimePermission" name="getenv.Flavor"/> <permission class="java.lang.RuntimePermission" name="getenv.HOSTNAME"/> <permission class="java.lang.RuntimePermission" name="setFactory" actions="*"/> <permission class="org.osgi.framework.AdminPermission" name="(id=0)" actions="context"/> </minimum-set>
-
3. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Aug 4, 2017 4:55 AM (in response to gipathak)Is specifying META-INF/permisison.xml option for you?
Are you able to construct simple war to reproduce this? To see if this could be the bug? (standalone.xml security manager configuration with OSGI based application)
-
4. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 4, 2017 5:09 AM (in response to mchoma)No we don't have permission.xml separate we are doing in standalone.xml itself we are having three wars like A.war,B.war and C.war all are deployed in wildfly10 and with minimum-set A.war(with jersey container),B.war(with some other technology) are deploy-able and able to access A, B applications but C.war using OSGI framework and it is expecting to enable all permission but i don't know how to enable all permission only for C.war application . And I am able to construct simple war , but for C.war which is using OSGI framework not able to run C application was getting above security exception which i explained above.
-
5. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Aug 4, 2017 5:32 AM (in response to gipathak)I have created the ticket [WFCORE-3147] Getting org.osgi.framework.AdminPermission check failed with security manager - JBoss Issue Tracker , where you can upload a reproducer war.
META-INF/permisison.xml could be a way how to workaround this. If there is no META-INF/permisison.xml in C.war it does not mean there can't be one
-
6. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 4, 2017 5:46 AM (in response to mchoma)Thanks for reply Martin , ok if I add permission.xml in META-INF should i need to register permission.xml in wildfly somewhere can you please give me a sample example link how security subsystem will come to know that , it has to read permissions from permission.xml is there any configuration where i need to tell to application server like please read only c.war permission from permissions.xml?
-
7. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Aug 4, 2017 6:03 AM (in response to gipathak)1 of 1 people found this helpfulNo need to edit standalone.xml. META-INF/permissions.xml will be looked up automatically in deployment. If you will have META-INF/permissions.xml only in c.war, META-INF/permissions.xml will be applied only for c.war
-
8. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 4, 2017 6:16 AM (in response to mchoma)Wowwwww!!!!!! thanks a lot Martin saved my day will follow this. you mean if I give permission.xml for c.war , application server will not look into standalone.xml right , it will give the priority to permission.xml am I right Martin?
-
9. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Aug 9, 2017 1:17 AM (in response to mchoma)Hello Girish,
could you upload reproducible simple OSGI war on [WFCORE-3147] Getting org.osgi.framework.AdminPermission check failed with security manager - JBoss Issue Tracker as you agreed. I will try if this could be general security manager vs. OSGII problem.
Martin
-
10. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 9, 2017 5:59 AM (in response to mchoma)Hi Martin , I tried uploading my sample war it is not allowing me to upload, I am getting exception saying file exceeds maximum size limit set by the administrator(20.00 MB) and even I tried zipping my sample war , attaching but still it is exceeding the limit. Can you please suggest me any alternate option?
-
11. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
mchoma Aug 9, 2017 6:40 AM (in response to gipathak)Could you slim down war to minimal, while issue is still reproducible? Ideally just part which triggers exception.
-
12. Re: Getting org.osgi.framework.AdminPermission check failed after enabling security manager flag in wildfly
gipathak Aug 9, 2017 10:27 AM (in response to mchoma)Hi Martin, I have uploaded sample war, which is having issue with OSGI, can you please have a look , please let me know if you need more information.