[jira] [Commented] (DELTASPIKE-1386) Unhandled Exception in DefaultConfigSourceProvider causes deployment failure

2019-10-15 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/DELTASPIKE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16952249#comment-16952249
 ] 

ASF subversion and git services commented on DELTASPIKE-1386:
-

Commit 0eff953a7e5a4df01ab8ded7a1737fd9278178a3 in deltaspike's branch 
refs/heads/master from Mark Struberg
[ https://gitbox.apache.org/repos/asf?p=deltaspike.git;h=0eff953 ]

DELTASPIKE-1386 check SecurityAccess when accessing user home dir

txs to Thomas Frühbeck for the report!


> Unhandled Exception in DefaultConfigSourceProvider causes deployment failure
> 
>
> Key: DELTASPIKE-1386
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1386
> Project: DeltaSpike
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.9.1
> Reporter: Thomas Frühbeck
> Assignee: Mark Struberg
> Priority: Major
>
> For some reason DefaultConfigSourceProvider tries to access the home 
> directory of the services user.
> If the access is prohibited by SecurityManager, the AccessControlException is 
> not handled and the deployment of the complete application fails.
> 2019-09-15 23:19:21,075 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC01: Failed to start service jboss.deployment.unit."mssms-sec-ear.ear".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."mssms-sec-ear.ear".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "mssms-sec-ear.ear"
>  at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154)
>  at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
>  at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748)
> Caused by: java.util.ServiceConfigurationError: org.apache.deltaspike.core.spi.config.ConfigSourceProvider: Provider org.apache.deltaspike.core.impl.config.DefaultConfigSourceProvider could not be instantiated
>  at java.util.ServiceLoader.fail(ServiceLoader.java:232)
>  at java.util.ServiceLoader.access$100(ServiceLoader.java:185)
>  at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384)
>  at java.util.ServiceLoader$LazyIterator.access$700(ServiceLoader.java:323)
>  at java.util.ServiceLoader$LazyIterator$2.run(ServiceLoader.java:407)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:409)
>  at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
>  at org.apache.deltaspike.core.util.ServiceUtils.loadServiceImplementations(ServiceUtils.java:81)
>  at org.apache.deltaspike.core.impl.config.ConfigImpl.init(ConfigImpl.java:70)
>  at org.apache.deltaspike.core.impl.config.ConfigProviderImpl.getConfig(ConfigProviderImpl.java:53)
>  at org.apache.deltaspike.core.impl.config.ConfigProviderImpl.getConfig(ConfigProviderImpl.java:43)
>  at org.apache.deltaspike.core.api.config.ConfigResolver.resolve(ConfigResolver.java:613)
>  at org.apache.deltaspike.core.api.config.base.CoreBaseConfig$BeanManagerIntegration.(CoreBaseConfig.java:30)
>  at org.apache.deltaspike.core.api.provider.BeanManagerProvider.(BeanManagerProvider.java:79)
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>  at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>  at java.lang.Class.newInstance(Class.java:442)
>  at org.jboss.as.weld.deployment.WeldPortableExtensions.tryRegisterExtension(WeldPortableExtensions.java:53)
>  at org.jboss.as.weld.deployment.processors.WeldPortableExtensionProcessor.loadAttachments(WeldPortableExtensionProcessor.java:121)
>  at org.jboss.as.weld.deployment.processors.WeldPortableExtensionProcessor.deploy(WeldPortableExtensionProcessor.java:81)
>  at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
>  ... 5 more
> Caused by: java.security.AccessControlException: WFSM01: Permission check failed (permission "("java.io.FilePermission" "/home/thomas/.deltaspike/apache-deltaspike.properties" "read")" in code source "(vfs:/work/java/mssms/wildfly1011/standalone/deployments/mssms-sec-ear.ear/lib/deltaspike-core-api-1.9.0.jar )" of "null")
>  
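
The handling discussed in this thread (a `doPrivileged` block plus catching the denial and logging it), as an added sketch; it is not the code from commit 0eff953 and not DeltaSpike's own class. `UserHomeConfigLoader` and its method names are hypothetical; only the file path is taken from the exception message above.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;
import java.util.logging.Logger;

/** Hypothetical loader for an optional user-home config file (added example). */
public final class UserHomeConfigLoader {
    private static final Logger LOG = Logger.getLogger(UserHomeConfigLoader.class.getName());
    // Relative to user.home; path as shown in the AccessControlException above.
    private static final String RELATIVE_PATH = ".deltaspike/apache-deltaspike.properties";

    /** Returns the user-home properties, or an empty set if absent or denied. */
    public static Properties loadOptional() {
        try {
            // doPrivileged: the check stops at this code source, so callers
            // further up the stack do not need the FilePermission themselves.
            return AccessController.doPrivileged(
                    (PrivilegedAction<Properties>) UserHomeConfigLoader::read);
        } catch (SecurityException e) {
            // The policy denies this code source itself (the case in the trace
            // above). The file is optional: log the denial and keep deploying.
            LOG.info("Skipping user home config, access denied: " + e.getMessage());
            return new Properties();
        }
    }

    private static Properties read() {
        Properties props = new Properties();
        // getProperty(key) needs only PropertyPermission "user.home" "read";
        // System.getProperties() is checked for read,write on all properties.
        String home = System.getProperty("user.home");
        if (home == null) return props;
        File file = new File(home, RELATIVE_PATH);
        if (!file.isFile()) return props; // FilePermission "read" is checked here
        try (InputStream in = new FileInputStream(file)) {
            props.load(in);
        } catch (IOException e) {
            LOG.warning("Cannot read " + file + ": " + e.getMessage());
        }
        return props;
    }

    public static void main(String[] args) {
        System.out.println("loaded " + loadOptional().size() + " entries");
    }
}
```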

[jira] [Commented] (DELTASPIKE-1386) Unhandled Exception in DefaultConfigSourceProvider causes deployment failure

2019-09-20 Thread Jira


[ 
https://issues.apache.org/jira/browse/DELTASPIKE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934145#comment-16934145
 ] 

Thomas Frühbeck commented on DELTASPIKE-1386:
-

Hi Mark,
sorry for my late reply!

m2c: the feature itself seems to be targeted at developers - and as such 
debatable. I am responsible for a growing number of applications integrating 
DeltaSpike as a vital part, and cannot imagine to mix some settings into everyone.

I see no reason to add complexity, neither for privileged access. To me a 
simple try/catch/log.info would be sufficient. Any developer relying on this 
feature will be sufficiently informed.  

Running DeltaSpike in presence of SecurityManager restrictions shows additional 
accesses (e.g. System.getProperties in SystemPropertyConfigSource), which are 
problematic, because security check will be performed for Read+Write(!) access.
So either we allow unrestricted(!) access to System.properties, or again we 
have to remove DeltaSpike completely. 

On the other side all the business logic of Configuration is private, so we are 
not able to override any of these critical parts by an alternative. 

I really would prefer to change each of the critical config setup 
methods/fields to protected to give us the freedom to decide, which of these we 
really need. So move setup logic to a builder method or a real Builder we may 
provide.

Best regards, many thanks for great DeltaSpike! 


[jira] [Commented] (DELTASPIKE-1386) Unhandled Exception in DefaultConfigSourceProvider causes deployment failure

2019-09-18 Thread Mark Struberg (Jira)


[ 
https://issues.apache.org/jira/browse/DELTASPIKE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16932595#comment-16932595
 ] 

Mark Struberg commented on DELTASPIKE-1386:
---

Hi and thanks for the report!
This is likely from a ConfigSource which looks for a 
~/.deltaspike/apache-deltaspike.properties file.
We've added this feature to easily allow tweaking the config without having to 
touch the deployable.
The user home might also be used to store information which should be better 
hidden from other users.

There are 2 solutions I like to implement:

a.) use a {{doPrivileged}} block
b.) have a switch to disable this ConfigSource. And additionally catch away any 
Exception in case this directory cannot be read.

Is this ok, or would you prefer anything else? Or other ideas?
