Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Problems with enabled Java Security Manager

SA-19544

Summary



The system node list cannot be accessed on JBoss with the Java Security Manager enabled. 

Error Messages



14:07:54,173 INFO [stdout] (Dispatcher-Thread-89) Caused by: java.sql.SQLException: Connection is not associated with a managed connection.org.jboss.jca.adapters.jdbc.jdk6.WrappedConnectionJDK6@4ee7292
14:07:54,173 INFO [stdout] (Dispatcher-Thread-89)
.
.
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.returnConnection(ConnectionManagerImpl.java:2221)

Steps to Reproduce



1. Enable Java Security Manager in standalone.conf file in $JBOSS_HOME/bin/ as below:

Uncomment this to run with a security manager enabled
SECMGR="true"
# Java Security Manager Policy
JAVA_OPTS="$JAVA_OPTS -Djava.security.policy==$JBOSS_HOME/bin/jboss.policy -Djboss.home.dir=$JBOSS_HOME"

2. Restart JBoss.
3. Access the System Node instance list.

Root Cause



A defect or configuration issue in the operating environment.
The only "access denied" in the log is this:

    at org.jboss.jca.adapters.jdbc.WrappedResultSet.getObject(WrappedResultSet.java:1156)
    ... 154 more
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/nics/jboss/EAP-6.4.0/modules/com/oracle/main/ojdbc6.jar" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [rt.jar:1.8.0_66]
    at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_66]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_66]

Resolution



Use a similar entry in the java security policy file as given below.

grant codeBase "file:${jboss.home.dir}/modules/oracle/jdbc/main/-" {
        permission java.security.AllPermission;
        permission javax.security.AllPermission;
};

Adjust this to the required JDBC driver location.
Suggest Edit

Published February 9, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us