Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GlassFish 7 has 40 failures running platform authorization tests #23933

Closed
arjantijms opened this issue May 11, 2022 · 1 comment · Fixed by #23934
Closed

GlassFish 7 has 40 failures running platform authorization tests #23933

arjantijms opened this issue May 11, 2022 · 1 comment · Fixed by #23934
Assignees
@arjantijms
Labels
ee10-tck EE 10 TCK failures
Milestone
7.0.0

Comments

@arjantijms
Copy link
Contributor

See https://gist.github.com/scottmarlow/67a2c64b88f8453a622931235c12ad4e

The issue is the combination of a security manager and the fact jakarta authorization uses a policy. As soon as the policy itself needs any kind of Java SE permission, the security manager will ask the policy, which is itself. This then leads to recursion.

Ultimately the design of mixing Java SE code level permissions and permissions wrt the logged-in user are wrong. We'll address this in EE 11. For now we can install a proxy that doesn't send Java SE permissions to the Jakarta Authorisation Policy.

Note that the standalone TCK passes sinds a) it doesn't use the security manager, and b) uses wars, which seemly just happen to not ask for a certain class loading permission.

CC @scottmarlow
@arjantijms arjantijms added the ee10-tck EE 10 TCK failures label May 11, 2022
@arjantijms arjantijms added this to the 7.0.0 milestone May 11, 2022
@arjantijms arjantijms self-assigned this May 11, 2022
arjantijms added a commit to arjantijms/glassfish that referenced this issue May 11, 2022
@arjantijms
Fix eclipse-ee4j#23933 by adding a proxy for the Policy when Security…
26eba02 
… Managed used

Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
@arjantijms arjantijms mentioned this issue May 11, 2022
Merged
arjantijms added a commit that referenced this issue May 11, 2022
@arjantijms
Merge pull request #23934 from arjantijms/23933_fix_authorization_tck…
ef775ac 
…_failures

Fix #23933 by adding a proxy for the Policy when Security Managed used
@arjantijms
Copy link
Contributor Author

TCK passing on 11 and 17:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arjantijms arjantijms

Labels
ee10-tck EE 10 TCK failures
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

Fix #23933 by adding a proxy for the Policy when Security Managed used arjantijms/glassfish
1 participant
@arjantijms