Bug 1117862

Summary: Need a means to set jboss-modules option -secmgr in conf files
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Carlo de Wolf <cdewolf>
Component: Scripts and CommandsAssignee: James Perkins <jperkins>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Slavicek <pslavice>
Severity: low Docs Contact:
Priority: urgent    
Version: 6.3.0CC: david.lloyd, fnasser, jperkins, kkhan, myarboro, pgier, pslavice
Target Milestone: DR4   
Target Release: EAP 6.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1145960    
Bug Blocks: 1117701    

Description Carlo de Wolf 2014-07-09 14:30:26 UTC 
To the application with a security manager the option "-secmgr" must be specified to jboss-modules.

Right now the startup scripts do not have a configuration variable that allows for passing options to jboss-modules.

The scripts should contain usage of MODULES_OPTS, so it can be specified in the conf files.
Comment 3 Kabir Khan 2014-07-11 11:39:07 UTC 
https://github.com/jbossas/jboss-eap/pull/1516 replaces 1509.

From talks with QE -Djava.security.manager should remain the primary mechanism for EAP 6.3. It is too late in the process to change this and to recommend -secmgr as the primary mechanism.

The PR allows passing in of -secmgr via module options. For standalone mode this is trivial.

For domain mode, again -secmgr can be passed in via module options. Now from the PR two things can happen:

1) In the absence of -Djava.security.manager in the host controller options this (-secmgr) is propagated throughout the domain to the host controller and the servers. Note that it is not possible to determine if -secmgrmodule was used, so in effect this will be translated into a plain -secmgr. This should be fine for 6.3.0 since https://bugzilla.redhat.com/show_bug.cgi?id=1117862#c2 indicates that the MODULES_OPT is unsupported.

2) If -Djava.security.manager is present in the host controller options, then no -secmgr is added to the host-controller or its servers. In other words security manager propagation will work in a domain as it has been up to this point.
Comment 6 Josef Cacek 2014-09-29 06:50:09 UTC 
Verification failed due to bug 1145960.
Comment 7 James Perkins 2014-10-07 19:23:55 UTC 
Moving back to modified since linked issue is at modified.
Comment 10 Hynek Mlnarik 2014-11-27 12:03:15 UTC 
Verified in EAP 6.4.0.DR11.