SA-19544

Summary

The system node list cannot be accessed on JBoss with the Java Security Manager enabled. 

Error Messages

14:07:54,173 INFO [stdout] (Dispatcher-Thread-89) Caused by: java.sql.SQLException: Connection is not associated with a managed connection.org.jboss.jca.adapters.jdbc.jdk6.WrappedConnectionJDK6@4ee7292
14:07:54,173 INFO [stdout] (Dispatcher-Thread-89)
.
.
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.returnConnection(ConnectionManagerImpl.java:2221)

Steps to Reproduce

1. Enable Java Security Manager in standalone.conf file in $JBOSS_HOME/bin/ as below:

# Uncomment this to run with a security manager enabled
SECMGR="true"
# Java Security Manager Policy
JAVA_OPTS="$JAVA_OPTS -Djava.security.policy==$JBOSS_HOME/bin/jboss.policy -Djboss.home.dir=$JBOSS_HOME"

2. Restart JBoss.
3. Access the System Node instance list.

Root Cause

A defect or configuration issue in the operating environment.
The only "access denied" in the log is this:

    at org.jboss.jca.adapters.jdbc.WrappedResultSet.getObject(WrappedResultSet.java:1156)
    ... 154 more
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/nics/jboss/EAP-6.4.0/modules/com/oracle/main/ojdbc6.jar" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [rt.jar:1.8.0_66]
    at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_66]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_66]

Resolution

Use a similar entry in the java security policy file as given below.

grant codeBase "file:${jboss.home.dir}/modules/oracle/jdbc/main/-" {
        permission java.security.AllPermission;
        permission javax.security.AllPermission;
};

Adjust this to the required JDBC driver location.