0 Replies Latest reply on Mar 30, 2016 6:25 AM by pmm

    Migrating application to SecurityManager

    pmm
    pmm Mar 30, 2016 6:25 AM

      We have an existing application in an EAR and are looking into what it would take to migrate it work under a security manager. We run into some issues:

      • Can we use expressions for FilePermission like "${env:INPUT_FOLDER}/-" or does only the property syntax work?
      • When we enable the security-manager subsystem, start WildFly with -secmgr and have a permissions.xml in the EAR file the security manager seems to be active for a RAR outside the EAR.
        • The RAR is deployed outside of the EAR, the EAR uses the RAR for message driven EJBs. The RAR does all kinds of nasty things like like setting system properties. This seems to break when we restrict our application to only reading system properties. The RAR is supplied by a vendor and we trust it implicitly.
      • We would like to grant the application read access to files in subdeployments of the EAR (eg. JARs in the lib/-folder). However as the application is exploded reading files in subdeployments seems to require a FilePermission.
      • 365 Views
      • Tags: