Bug 1006876

Summary: EAP fails to shutdown on ibm jdk 6 with SecurityException: unable to instantiate Subject-based policy
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Richard Janík <rjanik>
Component: Domain Management, Transaction ManagerAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Kremensky <pkremens>
Severity: urgent Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: brian.stansberry, emuckenh, jcacek, jkudrnac, jmartisk, jstefl, mbabacek, ochaloup, rsvoboda
Target Milestone: ER3Keywords: Regression, TestBlocker
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:22:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1008337    

Description Richard Janík 2013-09-11 12:44:07 UTC 
Description of problem:

EAP 6.2.0.ER1
smoke tests

shutdown command fails:
{
    "outcome" => "failed",
    "failure-description" => "JBAS014749: Operation handler failed: unable to instantiate Subject-based policy",
    "rolled-back" => true
}


full stacktrace:
[0m[31m02:50:22,461 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) JBAS014612: Operation ("read-attribute") failed - address: ([]): java.lang.SecurityException: unable to instantiate Subject-based policy
	at javax.security.auth.Policy.getPolicyNoCheck(Policy.java:268) [rt.jar:1.6.0]
	at javax.security.auth.Policy.getPolicy(Policy.java:219) [rt.jar:1.6.0]
	at javax.security.auth.SubjectDomainCombiner$5.run(SubjectDomainCombiner.java:513) [rt.jar:1.6.0]
	at java.security.AccessController.doPrivileged(AccessController.java:228) [vm.jar:]
	at javax.security.auth.SubjectDomainCombiner.compatPolicy(SubjectDomainCombiner.java:509) [rt.jar:1.6.0]
	at javax.security.auth.SubjectDomainCombiner.combine(SubjectDomainCombiner.java:223) [rt.jar:1.6.0]
	at java.security.AccessController.getContext(AccessController.java:167) [vm.jar:]
	at org.jboss.as.controller.SecurityActions$CreateCallerActions$1.getCaller(SecurityActions.java:151) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.SecurityActions.getCaller(SecurityActions.java:136) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.AbstractOperationContext.getCaller(AbstractOperationContext.java:870) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.OperationContextImpl.getBasicAuthorizationResponse(OperationContextImpl.java:1120) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1053) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1018) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.OperationContextImpl.getResourceRegistration(OperationContextImpl.java:267) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.operations.global.ReadAttributeHandler.doExecuteInternal(ReadAttributeHandler.java:119) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.operations.global.ReadAttributeHandler.doExecute(ReadAttributeHandler.java:96) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.operations.global.GlobalOperationHandlers$AbstractMultiTargetHandler.execute(GlobalOperationHandlers.java:284) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:625) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:503) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:285) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:280) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:217) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:134) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:194) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:150) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:146) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at java.security.AccessController.doPrivileged(AccessController.java:310) [vm.jar:]
	at javax.security.auth.Subject.doAs(Subject.java:573) [rt.jar:1.6.0]
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:146) [jboss-as-controller-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$2$1.doExecute(AbstractMessageHandler.java:296) [jboss-as-protocol-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:518) [jboss-as-protocol-7.3.0.Final-redhat-1.jar:7.3.0.Final-redhat-1]
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908) [rt.jar:1.6.0]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931) [rt.jar:1.6.0]
	at java.lang.Thread.run(Thread.java:738) [vm.jar:1.6.0]
	at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.1.Final-redhat-1.jar:2.1.1.Final-redhat-1]
Comment 1 Michal Karm Babacek 2013-09-11 13:30:42 UTC 
I've just cross-checked with EAP 6.1.1.ER7 on the same JDK with the same environment and this error didn't appear.

Furthermore, I confirm that this error does not occur on OpenJDK6, OpenJDK7, Opeacle JDK6, Opracle JDK7 nor on IBM JDK7  [both RHEL 6/5] 


One may want to see the full error log: https://url.corp.redhat.com/3154abf  (a simple test that starts several AS7 instances...)
Comment 2 Rostislav Svoboda 2013-09-13 12:26:14 UTC 
We have met this error in interoperability tests too.
Comment 3 Ondrej Chaloupka 2013-09-17 14:02:33 UTC 
There is not possible to do any DMR operation on java IBM JDK6. It really blocks my testing as I use arquillian tests and doing changes via DMR api.

Reproduce:
 - switch to IBM JDK 6
 - $JBOSS_HOME/bin/standalone.sh
 - $JBOSS_HOME/bin/jboss-cli.sh

You'll get exceptions like:
BAS014612: Operation ("read-children-types") failed - address: ([]): java.lang.SecurityException: unable to instantiate Subject-based policy
and
JBAS014612: Operation ("read-attribute") failed - address: ([]): java.lang.SecurityException: unable to instantiate Subject-based policy
Comment 4 Jitka Kozana 2013-09-18 08:00:45 UTC 
ER2 update: this is still an important and test blocking issue. 

See the snippet of the server log here: http://pastebin.test.redhat.com/164593
Comment 6 Petr Kremensky 2013-09-30 12:13:00 UTC 
Verified on EAP 6.2.0.ER3