Created attachment 920246 [details] console log with NPE exception ProtectionDomain can have null codesource [1], but the methods in org.jboss.modules.ModulesPolicy class don't do the check for null and they try to use the codesource directly. It causes NPE when running EAP with Java Security Manager (JSM) enabled. E.g. public boolean implies(final ProtectionDomain domain, final Permission permission) { return domain.getCodeSource().equals(ourCodeSource) || policy.implies(domain, permission); } [1] http://docs.oracle.com/javase/6/docs/api/java/security/ProtectionDomain.html#getCodeSource() The test which shows the issue is the JMXConnectorTestCase from testsuite/integration/basic, when it's running against EAP running on IBM JDK 6 with the JSM enabled. Look at attachments for a server log which contains the stack-traces.
Fixed by modules 1.3.4 upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1126307. Setting to MODIFIED.
Verified in 6.4.0.DR1.1