activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Mesnil (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ARTEMIS-1789) Permission check failed when resolving DNS under a security manager
Date Fri, 06 Apr 2018 14:22:00 GMT
Jeff Mesnil created ARTEMIS-1789:
------------------------------------

             Summary: Permission check failed when resolving DNS under a security manager
                 Key: ARTEMIS-1789
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1789
             Project: ActiveMQ Artemis
          Issue Type: Bug
    Affects Versions: 1.5.5
            Reporter: Jeff Mesnil


When our application server is running with a security managert, Artemis reports an error
because it does not have the permission to resolve IP addresses:

{code}
AMQ212007: connector.create or connectorFactory.createConnector should never throw an exception,
implementation is badly behaved, but we will deal with it anyway.: java.security.AccessControlException:
WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "localhost"
"resolve")" in code source "(vfs:/content/JMSResourceDefinitionsTestCase.jar <no signer
certificates>)" of "ModuleClassLoader for Module "deployment.JMSResourceDefinitionsTestCase.jar"
from Service Module Loader")
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
    at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1048)
    at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:390)
    at java.net.InetAddress.getAllByName0(InetAddress.java:1268)
    at java.net.InetAddress.getAllByName(InetAddress.java:1192)
    at java.net.InetAddress.getAllByName(InetAddress.java:1126)
    at java.net.InetAddress.getByName(InetAddress.java:1076)
    at java.net.InetSocketAddress.<init>(InetSocketAddress.java:220)
    at org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector.createConnection(NettyConnector.java:600)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.openTransportConnection(ClientSessionFactoryImpl.java:1036)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createTransportConnection(ClientSessionFactoryImpl.java:1076)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.establishNewConnection(ClientSessionFactoryImpl.java:1254)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.getConnection(ClientSessionFactoryImpl.java:891)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.getConnectionWithRetry(ClientSessionFactoryImpl.java:795)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.connect(ClientSessionFactoryImpl.java:238)
    at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:772)
    at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:755)
    at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createXAConnection(ActiveMQConnectionFactory.java:338)
    at org.apache.activemq.artemis.ra.ActiveMQRAManagedConnection.setup(ActiveMQRAManagedConnection.java:769)
    at org.apache.activemq.artemis.ra.ActiveMQRAManagedConnection.<init>(ActiveMQRAManagedConnection.java:161)
    at org.apache.activemq.artemis.ra.ActiveMQRAManagedConnectionFactory.createManagedConnection(ActiveMQRAManagedConnectionFactory.java:151)
{code}

The solution may be to explicitly resolve the InetAddress(s) in a privileged block before
passing them in to Netty.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message