Bug 780770 (SOA-3223)

Summary: JBoss VFS eagerly loads signing information, resulting in SecurityException
Product: [JBoss] JBoss Enterprise SOA Platform 5 Reporter: Len DiMaggio <ldimaggi>
Component: EAPAssignee: Kevin Conner <kevin.conner>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.2.0 ER1CC: fnguyen, kevin.conner
Target Milestone: ---Keywords: TestBlocker
Target Release: 5.2.0 GA, 5.2.0.ER2   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-3223
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-29 19:27:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 780812    
Attachments:
Description Flags
server.log none

Description Len DiMaggio 2011-07-27 18:56:18 UTC 
project_key: SOA

Running the business_rules_service quickstart raises this exception:

2011-07-27 14:29:33,231 WARN  [org.jboss.detailed.classloader.ClassLoaderManager] (pool-38-thread-1) Unexpected error during load of:org.drools.spi.CompiledInvoker
java.lang.SecurityException: class "org.drools.spi.CompiledInvoker"'s signer information does not match signer information of other classes in the same package
Comment 1 Len DiMaggio 2011-07-27 18:56:43 UTC 
Affects Testing: Added: [Blocks Testing]
Blocked Tests: Added: Rules based services
Comment 2 Len DiMaggio 2011-07-27 18:57:08 UTC 
Attachment: Added: server.log
Comment 3 Len DiMaggio 2011-07-27 20:34:29 UTC 
Assigning to David to incorporate review comments.
Comment 4 David Le Sage 2011-08-03 00:39:43 UTC 
Release Notes Docs Status: Added: Not Required
Writer: Added: dlesage
Comment 5 Douglas Palmer 2011-08-05 14:35:07 UTC 
This is still an issue with my ER2 builds.
Comment 6 Kevin Conner 2011-08-08 16:20:59 UTC 
The issue occurs when the org.drools.util.CompositeClassLoader first attempts to load a class from the 'org.drools.spi' package as it results in the attempt being made without any signing information.  Previous classes within that package have been loaded through the normal classloader mechanism and have the correct signer information attached.

Still investigating.
Comment 7 Kevin Conner 2011-08-09 04:21:48 UTC 
It looks like this is a bug in the CertificateReaderInputStream, inherited from EAP.  Drools seems to be triggering this issue through their EclipseJavaCompiler class.

I think I have enough information to create a test case, will handle this tomorrow.
Comment 8 Kevin Conner 2011-08-09 15:44:41 UTC 
Raised JBVFS-176 to cover this issue.  I have compiled my suggested fix and installed it into SOA, this addresses the drools classloading issue.
Comment 9 Kevin Conner 2011-08-09 15:49:50 UTC 
Link: Added: This issue depends JBPAPP-6983
Comment 10 Pavel Macik 2011-08-11 14:35:57 UTC 
Link: Added: This issue is a dependency of SOA-3258
Comment 11 Douglas Palmer 2011-08-12 22:55:14 UTC 
Patch jar integrated into SOA-P for ER2.
Comment 12 Len DiMaggio 2011-08-29 19:27:12 UTC 
Verified fixed in the ER3 build.