Hi,
WildFly's CI checks [1] to test the Apache CXF upgrade from version 4.1.6 to
4.1.7 revealed a behavior change that's causing applications to fail.
By analyzing the stack trace, we identified a common root cause: new permission
checks that require additional deployment configuration (for example, via
permissions.xml).
We initially found the following:
- NetPermission("getProxySelector")
- RuntimePermission("org.apache.cxf.permission")
Once added to the deployment's permissions.xml file, we discovered another:
SocketPermission("[::1]:8080", "connect,resolve").
We're now adding this one and seeing if more appear, but it's clear this is a
behavior change that impacts users and causes a regression for WildFly users.
According to our analysis, the NetPermission("getProxySelector") issue is
caused by changes in https://github.com/apache/cxf/pull/3154/.
The SocketPermission("[::1]:8080", "connect,resolve") issue appears to stem
from URIResolver, but this must be a side effect of the recent changes, as it
didn't occur in version 4.1.6.
The same appears to be true for RuntimePermission("org.apache.cxf.permission").
I tried creating a ticket on Apache CXF Jira, but I don't have permissions to
see the "Create" button, which is strange since I have an Apache CXF account.
What are your thoughts on this issue?
[1] https://ci.wildfly.org/buildConfiguration/WF_PullRequest_LinuxSmJdk17/570420
Regards,
Fabio Burzigotti
Software Developer
IBM Software
[email protected]
IBM
Unless otherwise stated above:
IBM Italia S.p.A.
Sede Legale: Circonvallazione Idroscalo - 20054 Segrate (MI)
Cap. Soc. euro 247.656.998.20
C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153
Società con unico azionista
Società soggetta all'attività di direzione e coordinamento di International
Business Machines Corporation
