3 Replies Latest reply on Jun 27, 2014 12:39 PM by lsgroup

    Wildfly AccessControlException setting security policy

    lsgroup

      Hi,

       

      I'm getting an AccessControlException:

       

      Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "uka.karmi.useDistributedThreads" "read")

        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457) [rt.jar:1.8.0_05]

        at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_05]

        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_05]

        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294) [rt.jar:1.8.0_05]

        at java.lang.System.getProperty(System.java:714) [rt.jar:1.8.0_05]

       

      I'm running my wildfly server with VM argument:

       

      -Djava.security.policy=/opt/misc/test.policy


      Where test.policy looks like:


      grant {

         permission java.security.AllPermission;

      };

       

      I also tried modifying test.policy:

       

      grant {

         permission java.security.AllPermission;

        permission java.util.PropertyPermission "uka.karmi.useDistributedThreads", "read";

      };

       

      but still get the same error.

        • 1. Re: Wildfly AccessControlException setting security policy
          lsgroup

          I forgot to mention that I am running jdk 8.  I noticed that JDK 8 uses a new method of security - jar file manifest attributes.  Are these permissions attributes applicable to an ear deployed inside Wildfly?

          • 2. Re: Wildfly AccessControlException setting security policy
            lsgroup

            Adding a MANIFEST.MF with text:

            Permissions: all-permissions

             

            did not change the situation.  However, I found this post:

            8.0.0.Aplha2 java.security.AccessControlException: access denied ("java.util.logging.LoggingPermission" "control")

             

            I applied the following changes to standalone-full.xml

            <extension module="org.wildfly.extension.security.manager" />

            ...

                    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">

                        <deployment-permissions>

                            <minimum-set>

                                <permission class="java.io.FilePermission" name="/tmp" actions="read,write"/>

                                <permission class="java.io.FilePermission" name="/opt" actions="read"/>

                                <permission class="java.lang.RuntimePermission" name="createClassLoader"/>

                                <permission class="java.util.logging.LoggingPermission" name="control"/>

                                <permission class="java.security.AllPermission"/>

                            </minimum-set>

                            <maximum-set>

                                <permission class="java.security.AllPermission"/>

                            </maximum-set>

                        </deployment-permissions>

                    </subsystem>

            And got past the initial error.  However, when running my application, I get ...

             

            19:30:32,724 ERROR [stderr] (default task-1) java.lang.SecurityException: WFSM000002: Security manager may not be changed

            • 3. Re: Wildfly AccessControlException setting security policy
              lsgroup

              The last error about Security manager may not be changed has to do with some specific code I have which might be better posted as a separate post.