security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does in JBoss EAP 7.2

Solution Unverified - Updated -

Issue

  • security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does in JBoss EAP 7.2 , getting this error:

    ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/opt/jboss/jboss-eap-7.2/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader")

    Even though this permission is set in the minimum-set

    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
    <deployment-permissions>
        <minimum-set>
            <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/>
        </minimum-set>
        <maximum-set>
            <permission class="java.security.AllPermission"/>
        </maximum-set>
    </deployment-permissions>
</subsystem>

  • EAP does not start because a NullPointerException when a minimum-set is specified:

    ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "security-manager")]): java.lang.NullPointerException
    at java.security.Permissions.getPermissionCollection(Permissions.java:240)
    at java.security.Permissions.implies(Permissions.java:179)
    at org.jboss.modules.security.FactoryPermissionCollection.implies(FactoryPermissionCollection.java:75)
    at org.wildfly.extension.security.manager.SecurityManagerSubsystemAdd.performBoottime(SecurityManagerSubsystemAdd.java:101)
        ...

    For example the following minimum-set generates the NPE problem:

            <minimum-set>
            <permission class="java.util.logging.LoggingPermission" name="control"/>
        </minimum-set>

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content