Bug 1035232
Summary: | [CCC] (6.3) EAP Domain mode is not working properly with Security manager | |||
---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Josef Cacek <jcacek> | |
Component: | Domain Management | Assignee: | Brian Stansberry <brian.stansberry> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Kremensky <pkremens> | |
Severity: | high | Docs Contact: | Lucas Costi <lcosti> | |
Priority: | unspecified | |||
Version: | 6.2.0 | CC: | brian.stansberry, cdewolf, darran.lofthouse, emuckenh, jawilson, jcacek, jkudrnac, jskeoch, kkhan, lcosti, myarboro, olukas, smumford | |
Target Milestone: | DR0 | Flags: | brian.stansberry: needinfo- |
Target Release: | EAP 6.3.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
In previous versions of JBoss EAP 6, servers in a managed domain would not launch successfully if they were configured to use a Java Security Manager without specifying the classname of the Security Manager.
For example, this is commonly done when using the default Security Manager by specifying `-Djava.security.manager` in either `domain.conf` or as a command line parameter.
This issue occurred because a system property without a value was passed by Host Controllers to their managed servers with the value of `true`. This meant that the servers would incorrectly attempt to use a Java Security Manager with the classname of `true`.
This issue has been fixed in this release by adding extra checks for host controller system properties so that a system property is passed to the managed servers correctly. As a result, using a managed domain and using the default Security Manager by specifying `-Djava.security.manager` should function as expected.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1117290 (view as bug list) | Environment: | ||
Last Closed: | 2014-06-28 15:26:29 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1036618, 1040480, 1044394, 1053404 |
Description
Josef Cacek
2013-11-27 11:00:55 UTC
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2585

In addition to the access control related changes thoroughly check additional places where the current AccessControlContext is obtained within a PrivilegedAction. Some places may want a clean AccessControlContext that loses the information about the caller, others may genuinely want the current AccessControlContext but instead accidentally replace it.

Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-2585 to Coding In Progress

I filed https://bugzilla.redhat.com/show_bug.cgi?id=1035477 for the incorrect documentation advising setting JAVA_OPTS at the end of domain.conf.

I found it. The propagation of system properties from the command line / scripts through the PC/HC and to the server process launch is resulting in:

-Djava.security.manager

becoming

-Djava.security.manager=true

The latter fails. So this is unrelated to the WFLY-2585 issue.

Note that -Djava.security.policy==/tmp/permit.policy needs to have one '=' removed or you'll get failures.

Two equal signs '==' is a valid syntax for setting a policy file. The documentation says:

If you use java -Djava.security.manager -Djava.security.policy==someURL SomeApp (note the double equals) then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored.

cf. http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html

https://github.com/jbossas/jboss-eap/pull/715 replaces 714, and fixes the double '=' case.

Verified on EAP 6.3.0.DR0.

Minor edits to release notes text

Josef: See Scott Mumford's request above. I did not make this private and don't know if the setting should be cleared or not.
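
The propagation problem described in the Doc Text and the comments above, modelled as an added example (not code from JBoss EAP or from pull request 715). The class and method names are hypothetical, and the input is constructed from the two options quoted in the report.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SysPropPropagation {
    // Parse -Dname[=value] options; a null value marks a property given without '='.
    static Map<String, String> parse(List<String> jvmArgs) {
        Map<String, String> props = new LinkedHashMap<>();
        for (String arg : jvmArgs) {
            if (!arg.startsWith("-D")) continue;
            String body = arg.substring(2);
            int eq = body.indexOf('=');   // split at the first '=' only, so "==" survives
            props.put(eq < 0 ? body : body.substring(0, eq), eq < 0 ? null : body.substring(eq + 1));
        }
        return props;
    }

    // Behaviour described in the report: a valueless property is forwarded as name=true.
    static List<String> rebuildBuggy(Map<String, String> props) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : props.entrySet())
            out.add("-D" + e.getKey() + "=" + (e.getValue() == null ? "true" : e.getValue()));
        return out;
    }

    // Corrected form: a valueless property stays valueless, values are copied verbatim.
    static List<String> rebuildFixed(Map<String, String> props) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : props.entrySet())
            out.add("-D" + e.getKey() + (e.getValue() == null ? "" : "=" + e.getValue()));
        return out;
    }

    // How the JVM reads java.security.manager: empty or "default" selects the built-in
    // SecurityManager, any other value is taken as the name of a class to load.
    static String securityManagerChoice(String value) {
        boolean builtIn = value == null || value.isEmpty() || value.equals("default");
        return builtIn ? "default SecurityManager" : "custom class '" + value + "'";
    }

    public static void main(String[] args) {
        // Constructed sample input: the two options quoted in the report.
        List<String> in = Arrays.asList("-Djava.security.manager", "-Djava.security.policy==/tmp/permit.policy");
        Map<String, String> props = parse(in);
        System.out.println("buggy: " + rebuildBuggy(props) + " -> " + securityManagerChoice("true"));
        System.out.println("fixed: " + rebuildFixed(props) + " -> " + securityManagerChoice(props.get("java.security.manager")));
        if (!rebuildFixed(props).equals(in)) throw new AssertionError("options changed in transit");
    }
}
```

The final check in `main` is the property worth testing in any launcher that re-serialises JVM options: security-relevant options must reach the child process exactly as the operator wrote them.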