Bug 967622 - Server CLI script can't require modules from rhq://downloads
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RHQ Project
Classification: Other
Component: CLI, Core Server
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: RHQ 4.8
Assignee: Lukas Krejci
QA Contact: Mike Foley
Blocks: 967675
Reported: 2013-05-27 15:56 UTC by Filip Brychta
Modified: 2013-09-11 09:52 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 967675 (view as bug list)
Environment:
Last Closed: 2013-09-11 09:52:50 UTC

Description Filip Brychta 2013-05-27 15:56:04 UTC
Description of problem:
I have the following simple server CLI script:
var utils = require("rhq://downloads/util");

Execution of this script fails with an exception.

Version-Release number of selected component (if applicable):
Version: 4.8.0-SNAPSHOT
Build Number: ff37cd9

How reproducible:
Always

Steps to Reproduce:
1. create an alarm definition with notification on some resource (i.e. platform)
  a. go to Alerts->Definitions->New
  b. fill some name
  c. add a condition - i.e. when some operation is invoked
  d. add a notification - choose a CLI script as a notification sender->upload the file (js file containing just var utils = require("rhq://downloads/util");)
  e. save the alert definition
2. invoke the operation from step c. 
3. go to Alerts->History
4. open relevant alert and check notification tab

Actual results:
from server log:
    11:34:51,724 INFO  [org.rhq.enterprise.server.plugins.alertCli.CliSender] (Thread-328) The script execution for CLI notification of alert [org.rhq.core.domain.alert.Alert[id=10071, alertDefinition=org.rhq.core.domain.alert.AlertDefinition[ id=10001, name=test, conditionExpression=ANY, priority=Medium, resourceId=10001 ], ctime=1369668891466]] failed.: java.security.AccessControlException: access denied (java.lang.RuntimePermission canAccessModelController)
            at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) [rt.jar:1.6.0_24]
            at java.security.AccessController.checkPermission(AccessController.java:553) [rt.jar:1.6.0_24]
            at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.6.0_24]
            at org.jboss.as.controller.ModelControllerImpl.createClient(ModelControllerImpl.java:311) [jboss-as-controller-7.2.0.Alpha1-redhat-4.jar:7.2.0.Alpha1-redhat-4]
            at org.rhq.enterprise.server.core.service.ManagementService.getClient(ManagementService.java:59) [rhq-enterprise-server-ejb3.jar:4.8.0-SNAPSHOT]
            at org.rhq.enterprise.server.core.CoreServer.getEarDeploymentDir(CoreServer.java:139) [rhq-enterprise-server-ejb3.jar:4.8.0-SNAPSHOT]
            at sun.reflect.GeneratedMethodAccessor205.invoke(Unknown Source) [:1.6.0_24]
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.6.0_24]
            at java.lang.reflect.Method.invoke(Method.java:616) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:111) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:45) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:226) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.PerInterface.getAttribute(PerInterface.java:83) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.MBeanSupport.getAttribute(MBeanSupport.java:205) [rt.jar:1.6.0_24]
            at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:683) [rt.jar:1.6.0_24]
            at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:672) [rt.jar:1.6.0_24]
            at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.getAttribute(PluggableMBeanServerImpl.java:448)
            at org.jboss.as.jmx.PluggableMBeanServerImpl.getAttribute(PluggableMBeanServerImpl.java:171)
            at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:140) [jboss-jmx-4.2.3.GA.jar:4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807192035)]
            at $Proxy1033.getEarDeploymentDir(Unknown Source)
            at org.rhq.enterprise.client.RhqDownloadsScriptSourceProvider.getDownloadHomeDir(RhqDownloadsScriptSourceProvider.java:74) [rhq-server-client-api-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.enterprise.client.RhqDownloadsScriptSourceProvider.doGetScriptSource(RhqDownloadsScriptSourceProvider.java:61) [rhq-server-client-api-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.bindings.script.BaseRhqSchemeScriptSourceProvider.getScriptSource(BaseRhqSchemeScriptSourceProvider.java:50) [rhq-script-bindings-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.bindings.util.MultiScriptSourceProvider.getScriptSource(MultiScriptSourceProvider.java:57) [rhq-script-bindings-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.util.ScriptSourceToModuleSourceProviderAdapter.loadFromUri(ScriptSourceToModuleSourceProviderAdapter.java:75) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.util.ScriptSourceToModuleSourceProviderAdapter.loadFromPrivilegedLocations(ScriptSourceToModuleSourceProviderAdapter.java:59) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.provider.ModuleSourceProviderBase.loadSource(ModuleSourceProviderBase.java:41) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.provider.CachingModuleScriptProviderBase.getModuleScript(CachingModuleScriptProviderBase.java:69) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.provider.SoftCachingModuleScriptProvider.getModuleScript(SoftCachingModuleScriptProvider.java:67) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.Require.getModule(Require.java:363) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.Require.getExportedModuleInterface(Require.java:264) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.commonjs.module.Require.call(Require.java:218) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.engine.RhinoScriptEngine$1.superDoTopCall(RhinoScriptEngine.java:235) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.engine.RhinoScriptEngine$1.access$000(RhinoScriptEngine.java:199) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.engine.RhinoScriptEngine$1$1.run(RhinoScriptEngine.java:215) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_24]
            at org.rhq.scripting.javascript.engine.RhinoScriptEngine$1.doTopCall(RhinoScriptEngine.java:212) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.mozilla.javascript.Context.evaluateReader(Context.java:1110) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at org.rhq.scripting.javascript.engine.RhinoScriptEngine.eval(RhinoScriptEngine.java:363) [rhq-scripting-javascript-4.8.0-SNAPSHOT.jar:4.8.0-SNAPSHOT]
            at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:249) [rt.jar:1.6.0_24]
            at org.rhq.enterprise.server.plugins.alertCli.CliSender$1.run(CliSender.java:168)
            at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]


Expected results:
No exception

Comment 1 Lukas Krejci 2013-05-28 01:13:36 UTC
commit eeffaed93e68612eb6a88226479702d4f373e510
Author: Lukas Krejci <lkrejci>
Date:   Tue May 28 03:11:56 2013 +0200

    [BZ 967622 - Server CLI script can't require modules from rhq://downloads]
    
    This was primarily caused by a new permission required by EAP 6.1 we've
    switched to. To access the ModelControllerClient, the code now needs a
    RuntimePermission("canAccessModelController").
    
    We need the ModelControllerClient when determining the EAR installation
    dir, which we in turn need when determining where to locate the scripts
    in the "rhq://downloads" location. This is done while running a script,
    which is done in a restricted access control context which does not and
    should not have that permission.
    
    The minimal fix is to wrap the getting of the ModelControllerClient in a
    privileged action but some more "defensive" code was added in the
    RhqDownloadScriptSourceProvider, too, to guard against different times it
    might get instantiated during the script execution.
    
    Javadocs were updated to warn about the security considerations when
    writing a script source provider available on the server side.
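
The pattern the commit message describes, as an added example that is not part of the commit or of RHQ: a permission check fails when reached from a restricted access control context and passes once the trusted lookup is wrapped in a privileged action. The class name, method names and demo policy are hypothetical. It assumes a JDK where the java.security access-control API is still functional, as in the 1.6 runtime in the stack trace (deprecated since Java 17, disabled in JDK 24).

```java
import java.security.*;

// Added illustration; class and method names are hypothetical, not RHQ code.
public class PrivilegedLookupDemo {
    static final Permission NEEDED = new RuntimePermission("canAccessModelController");

    // Stand-in for ModelControllerImpl.createClient(): demands the permission.
    static String createClient() {
        AccessController.checkPermission(NEEDED);
        return "client";
    }

    // Before the fix: the check sees every caller, including the sandboxed script.
    static String lookupUnwrapped() {
        return createClient();
    }

    // After the fix: doPrivileged stops the stack walk at this trusted frame.
    // The action takes no script-supplied input, so the script gains nothing else.
    static String lookupPrivileged() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() { return createClient(); }
        });
    }

    // Runs 'body' the way a script is run: the only extra domain has no permissions.
    static String runSandboxed(PrivilegedAction<String> body) {
        ProtectionDomain none = new ProtectionDomain(null, new Permissions());
        AccessControlContext restricted =
                new AccessControlContext(new ProtectionDomain[] { none });
        try {
            return AccessController.doPrivileged(body, restricted);
        } catch (AccessControlException e) {
            return "denied " + e.getPermission().getName();
        }
    }

    public static void main(String[] args) {
        // Demo policy: grant NEEDED only to classes from this class's loader ("server code").
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) {
                return d.getClassLoader() == PrivilegedLookupDemo.class.getClassLoader()
                        && NEEDED.implies(p);
            }
        });
        System.out.println(runSandboxed(new PrivilegedAction<String>() {
            public String run() { return lookupUnwrapped(); }
        }));
        System.out.println(runSandboxed(new PrivilegedAction<String>() {
            public String run() { return lookupPrivileged(); }
        }));
    }
}
```

The privileged block should stay as small as the lookup itself: anything executed inside it runs with the server's permissions even when the caller is an uploaded script.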

Comment 2 Filip Brychta 2013-05-28 07:28:50 UTC
Verified on:
Version: 4.8.0-SNAPSHOT
Build Number: eeffaed

Comment 3 Heiko W. Rupp 2013-09-11 09:52:50 UTC
Bulk closing of old issues now that RHQ 4.9 is in front of the door.

If you think the issue has not been solved, then please open a new bug and mention this one in the description.

