Hello all,
I am experiencing an unusual issue when using Vert.x with the default Java security manager. I am running my code under a very simple java security policy that unconditionally grants full permissions to all code. My expectation is that under these conditions, my application should behave identical to being run without any security manager enabled.
I have created a simple example to demonstrate my issue. I have a JavaScript verticle that gets deployed by my Java app. The JS verticle simply uses the java.lang.Thread class to get the name of the current thread and publishes it to the event bus which the Java app reads and prints to the console. The JS verticle also has a handler that again repeats the action of reading the thread name and publishing to the event bus.
I am running this Java code:
import io.vertx.core.Vertx;
import io.vertx.core.eventbus.EventBus;
public class Permissions {
public static void main(String[] args) throws Exception {
Vertx vertx = Vertx.vertx();
EventBus eb = vertx.eventBus();
eb.consumer("java", res -> {
System.out.println(res.body());
});
vertx.deployVerticle("Permissions.js", result -> {
eb.publish("js", "FooBarThread");
});
}
}
with this security policy:
grant {
permission java.security.AllPermission;
};
and with these JVM args:
-Djava.security.manager -Djava.security.policy==src/main/resources/security.policy
The JavaScript verticle is as follows:
var eb = vertx.eventBus();
//eb.publish("java", java.lang.Thread.currentThread().getName());
eb.consumer("js", function (message) {
eb.publish("java", java.lang.Thread.currentThread().getName());
});
For reasons that I am not understanding, this code throws an AccessControlException if the first call to the publish method is commented out or removed.
SEVERE: Unhandled exception
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1467)
at io.vertx.core.impl.ContextImpl.setTCCL(ContextImpl.java:344)
at io.vertx.core.impl.ContextImpl.setContext(ContextImpl.java:97)
at io.vertx.core.impl.ContextImpl.lambda$wrapTask$2(ContextImpl.java:312)
at io.vertx.core.impl.ContextImpl$$Lambda$11/1853495960.run(Unknown Source)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:418)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:440)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873)
at java.lang.Thread.run(Thread.java:745)
As long as the initial publish call is made (or you disable the security manager), everything works as expected.
I have also attached a gradle/intellij project for this project, you can use the run task in gradle to execute it. Try commenting and uncommenting the first "eb.publish" method call in the Javascript code to see the differences in behavior.
This behavior seems unexpected to me and I am not sure if I am missing something here. Any guidance on this would be greatly appreciated.
Thanks,
Teja
--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/4cd9301b-04c3-4333-afff-1509e484b992%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
var eb = vertx.eventBus();
//eb.publish("java", java.lang.Thread.currentThread().getName());
eb.consumer("js", function (message) {
eb.publish("java", java.lang.Thread.currentThread().getName());
});
--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/fa855204-8a42-492e-88a3-e9abc5c79f3f%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
for (int i = 0;i < VertxOptions.DEFAULT_EVENT_LOOP_POOL_SIZE;i++) {
vertx.getOrCreateContext().runOnContext(v -> {});
}