Bug 1119147
Summary: | (6.4.0) Security Manager related issue in Http11NioProtocol | ||||||
---|---|---|---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Hynek Mlnarik <hmlnarik> | ||||
Component: | Web | Assignee: | Rémy Maucherat <rmaucher> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Slavicek <pslavice> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.3.0 | CC: | bbaranow, cdewolf, kkhan, mkopecky, pkremens, pslavice, rmaucher | ||||
Target Milestone: | DR11 | ||||||
Target Release: | EAP 6.4.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1161125 (view as bug list) | Environment: | |||||
Last Closed: | Type: | Bug | |||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 996500, 1104190, 1111137, 1123901, 1157438, 1161125 | ||||||
Attachments: |
|
Description
Hynek Mlnarik
2014-07-14 06:56:35 UTC
Updating status. The same problem is in IBM JDK 7 (and EAP 6.3.0.ER10). Moving under the Web component. The same problem is in OracleJDK 1.8. See: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-6x-as-testsuite-RHEL-matrix-OracleJDK8-SM/1/jdk=jdk1.8,label_exp=RHEL6%26%26x86/testReport/org.jboss.as.test.manualmode.web.websocket/WebsocketTestCase/websocketTest/ Issue is still valid for EAP 6.3.0.ER10 bits. Seen in EAP 6.3.1.CP.CR1 After starting with the other issues, I'm moving on with connector and websockets issues. This one could be an issue with the connector misbehaving after the initial request. Anyway if you want to look at it right now and you find something, I have nothing against that. I have been looking into NIO connector code but did not found anything suspicious. The root case of the failure is that the relevant AccessControlContext.optimize() results with a stack containing empty ProtectionDomain [null,null]. I have built latest OpendJDK8 from sources to debug the issue but with that the issue is not reproducible - connector works as expected. So maybe a bug in JDK which has been fixed upstream? Seems that we are hitting the same problem as here: https://issues.apache.org/jira/browse/SSHD-332 The NioEndpoint.DefaultThreadFactory.newThread() is invoked in an sun.misc.InnocuousThread which has associated empty protection domain. The empty protection domain is than inherited in the Thread created by the DefaultThreadFactory and this is what is causing the security exception. Creating the thread in a privileged block solves the problem. Maybe. But the thing I don't like in this bug report is that it shouldn't be running this stack trace at all doing regular keepalive. Created attachment 946971 [details]
NioEndpoint.java 7.5.x branch patch
Same patch applies to 7.4 branch as well (BZ1161125). So in the meantime I heard it couldn't be reproduced. If it is a real bug, then see my previous comment: this shouldn't be happening at all. So it is weird. I don't understand why this didn't stay as NEW rather than POST since no fix has been integrated. The analysis: - This would be limited to one JDK despite any reasonable logic - I verified that for a request to http://localhost:8080/ it doesn't enter event mode as demonstrated in the stack trace from the description (which would be a huge bug) So I am setting the nack flag since I don't see any problem at the moment. I can still reproduce it using latest 6.x build (19db471fec5a50b138544a9c69a847b605a92ac8) on JDK 1.7.0_71 OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode) and Oracle JDK 1.8.0_20-b26. Ok, let's not waste time in pointless discussions, I get the idea. Patch committed as r2546. Verified in 6.4.0.DR11 |