[
https://issues.apache.org/jira/browse/ARTEMIS-1789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16428412#comment-16428412
]
Justin Bertram commented on ARTEMIS-1789:
-----------------------------------------
I believe this can be addressed by back-porting the fix from ARTEMIS-1701 to
the 1.x branch.
> Permission check failed when resolving DNS under a security manager
> -------------------------------------------------------------------
>
> Key: ARTEMIS-1789
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1789
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 1.5.5
> Reporter: Jeff Mesnil
> Priority: Major
>
> When our application server is running with a security managert, Artemis
> reports an error because it does not have the permission to resolve IP
> addresses:
> {code}
> AMQ212007: connector.create or connectorFactory.createConnector should never
> throw an exception, implementation is badly behaved, but we will deal with it
> anyway.: java.security.AccessControlException: WFSM000001: Permission check
> failed (permission "("java.net.SocketPermission" "localhost" "resolve")" in
> code source "(vfs:/content/JMSResourceDefinitionsTestCase.jar <no signer
> certificates>)" of "ModuleClassLoader for Module
> "deployment.JMSResourceDefinitionsTestCase.jar" from Service Module Loader")
> at
> org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at
> org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1048)
> at
> org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:390)
> at java.net.InetAddress.getAllByName0(InetAddress.java:1268)
> at java.net.InetAddress.getAllByName(InetAddress.java:1192)
> at java.net.InetAddress.getAllByName(InetAddress.java:1126)
> at java.net.InetAddress.getByName(InetAddress.java:1076)
> at java.net.InetSocketAddress.<init>(InetSocketAddress.java:220)
> at
> org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.createConnection(NettyConnector.java:600)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.openTransportConnection(ClientSessionFactoryImpl.java:1036)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createTransportConnection(ClientSessionFactoryImpl.java:1076)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.establishNewConnection(ClientSessionFactoryImpl.java:1254)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.getConnection(ClientSessionFactoryImpl.java:891)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.getConnectionWithRetry(ClientSessionFactoryImpl.java:795)
> at
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.connect(ClientSessionFactoryImpl.java:238)
> at
> org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:772)
> at
> org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:755)
> at
> org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createXAConnection(ActiveMQConnectionFactory.java:338)
> at
> org.apache.activemq.artemis.ra.ActiveMQRAManagedConnection.setup(ActiveMQRAManagedConnection.java:769)
> at
> org.apache.activemq.artemis.ra.ActiveMQRAManagedConnection.<init>(ActiveMQRAManagedConnection.java:161)
> at
> org.apache.activemq.artemis.ra.ActiveMQRAManagedConnectionFactory.createManagedConnection(ActiveMQRAManagedConnectionFactory.java:151)
> {code}
> The solution may be to explicitly resolve the InetAddress(s) in a privileged
> block before passing them in to Netty.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
