diff --git a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ee/main/module.xml b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ee/main/module.xml
index f3af1b94c5be..f7e446406d30 100644
--- a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ee/main/module.xml
+++ b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ee/main/module.xml
@@ -31,6 +31,7 @@
+
diff --git a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ejb3/main/module.xml b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ejb3/main/module.xml
index 15682b314b47..95752a31e1eb 100644
--- a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ejb3/main/module.xml
+++ b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/jboss/as/ejb3/main/module.xml
@@ -108,6 +108,7 @@
+
diff --git a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/wildfly/extension/undertow/main/module.xml b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/wildfly/extension/undertow/main/module.xml
index 20b609e084ac..7223201722bb 100644
--- a/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/wildfly/extension/undertow/main/module.xml
+++ b/ee-feature-pack/galleon-shared/src/main/resources/modules/system/layers/base/org/wildfly/extension/undertow/main/module.xml
@@ -54,6 +54,7 @@
+
diff --git a/ee/pom.xml b/ee/pom.xml
index ea88e16b278a..e9e6aeae0c2b 100644
--- a/ee/pom.xml
+++ b/ee/pom.xml
@@ -143,6 +143,10 @@
org.wildfly.security
wildfly-elytron-security-manager-action
+
+ org.wildfly.security.jakarta
+ jakarta-authorization
+
org.wildfly.transaction
wildfly-transaction-client
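Review bot: The new `org.wildfly.security.jakarta:jakarta-authorization` entry shows no version or scope text in this hunk, so the artifact that now backs the JACC authorization checks is resolved from whatever the parent build manages. Please confirm that a pinned version exists in the managed dependency set and that it is the same artifact the `module.xml` hunks presumably wire in, since their content is not visible here. The same applies to the matching additions in `ejb3/pom.xml` and `undertow/pom.xml`. The `ejb3/pom.xml` hunk also adds five lines where the other two add four, possibly a stray blank line.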
diff --git a/ee/src/main/java/org/jboss/as/ee/security/JaccService.java b/ee/src/main/java/org/jboss/as/ee/security/JaccService.java
index 435fc2e93d3e..bd3cf944582f 100644
--- a/ee/src/main/java/org/jboss/as/ee/security/JaccService.java
+++ b/ee/src/main/java/org/jboss/as/ee/security/JaccService.java
@@ -7,8 +7,7 @@
import static org.jboss.as.ee.logging.EeLogger.ROOT_LOGGER;
import static org.wildfly.common.Assert.checkNotNullParam;
-
-import java.security.Policy;
+import static org.wildfly.security.authz.jacc.PolicyUtil.getPolicyUtil;
import jakarta.security.jacc.PolicyConfiguration;
import jakarta.security.jacc.PolicyConfigurationFactory;
@@ -84,7 +83,7 @@ public void start(StartContext context) throws StartException {
policyConfiguration.commit();
}
// Allow the policy to incorporate the policy configs
- Policy.getPolicy().refresh();
+ getPolicyUtil().refresh();
}
} catch (Exception e) {
throw ROOT_LOGGER.unableToStartException("JaccService", e);
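Review bot: `getPolicyUtil().refresh()` in start() fetches the PolicyUtil directly, while the other three call sites changed in this commit (EJBComponent.isCallerInRole, JaccInterceptor.hasPermission, JACCAuthorizationManager.hasPermission) fetch it inside `doPrivileged` when `WildFlySecurityManager.isChecking()` is true. The removed `Policy.getPolicy().refresh()` was unwrapped too, so this may be deliberate. If the lookup is permission-checked, though, the refresh would fail at service start under a security manager. Either use the same pattern, `PolicyUtil policyUtil = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction<PolicyUtil>) PolicyUtil::getPolicyUtil) : PolicyUtil.getPolicyUtil();` followed by `policyUtil.refresh();` (assuming those helpers are available in this class), or add a comment on the line recording why no privileged block is needed. The static import also leaves a bare `getPolicyUtil()` that hides the owning class on a security-relevant call, and start() begins and ends outside the hunk.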
diff --git a/ejb3/pom.xml b/ejb3/pom.xml
index bcd55371499f..ca2987ace298 100644
--- a/ejb3/pom.xml
+++ b/ejb3/pom.xml
@@ -209,6 +209,11 @@ vi:ts=4:sw=4:expandtab
wildfly-elytron-security-manager-action
+
+ org.wildfly.security.jakarta
+ jakarta-authorization
+
+
jakarta.transaction
jakarta.transaction-api
diff --git a/ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java b/ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java
index 4f617dd5873a..8c4fbf020a3c 100644
--- a/ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java
+++ b/ejb3/src/main/java/org/jboss/as/ejb3/component/EJBComponent.java
@@ -9,7 +9,6 @@
import java.lang.reflect.Method;
import java.security.AccessController;
-import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
@@ -68,6 +67,7 @@
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.Roles;
+import org.wildfly.security.authz.jacc.PolicyUtil;
import org.wildfly.security.manager.WildFlySecurityManager;
import org.wildfly.transaction.client.ContextTransactionManager;
@@ -423,9 +423,9 @@ public boolean isBeanManagedTransaction() {
public boolean isCallerInRole(final String roleName) throws IllegalStateException {
if (isSecurityDomainKnown()) {
if (enableJacc) {
- Policy policy = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) Policy::getPolicy) : Policy.getPolicy();
+ PolicyUtil policyUtil = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) PolicyUtil::getPolicyUtil) : PolicyUtil.getPolicyUtil();
ProtectionDomain domain = new ProtectionDomain(null, null, null, JaccInterceptor.getGrantedRoles(getCallerSecurityIdentity()));
- return policy.implies(domain, new EJBRoleRefPermission(getComponentName(), roleName));
+ return policyUtil.implies(domain, new EJBRoleRefPermission(getComponentName(), roleName));
} else {
boolean tmpBool = checkCallerSecurityIdentityRole(roleName); // rls debug todo remove
if (ROOT_LOGGER.isTraceEnabled()) {
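Review bot: The privileged `PolicyUtil` lookup on the new line of isCallerInRole is repeated verbatim in JaccInterceptor.hasPermission and JACCAuthorizationManager.hasPermission, so the privilege handling for an authorization decision now lives in three copies. Within ejb3 at least, one helper such as `static PolicyUtil policyUtil() { return WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction<PolicyUtil>) PolicyUtil::getPolicyUtil) : PolicyUtil.getPolicyUtil(); }` would leave a single place to review. The cast appears on this page as a bare `(PrivilegedAction)`, probably because the type argument was lost in rendering; if it is raw in the source it should read `PrivilegedAction<PolicyUtil>`. isCallerInRole continues past the end of the hunk.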
diff --git a/ejb3/src/main/java/org/jboss/as/ejb3/security/JaccInterceptor.java b/ejb3/src/main/java/org/jboss/as/ejb3/security/JaccInterceptor.java
index bb7ba36c12b3..32896039413b 100644
--- a/ejb3/src/main/java/org/jboss/as/ejb3/security/JaccInterceptor.java
+++ b/ejb3/src/main/java/org/jboss/as/ejb3/security/JaccInterceptor.java
@@ -9,7 +9,6 @@
import java.lang.reflect.Method;
import java.security.AccessController;
-import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
@@ -32,6 +31,7 @@
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
+import org.wildfly.security.authz.jacc.PolicyUtil;
import org.wildfly.security.manager.WildFlySecurityManager;
/**
@@ -96,8 +96,8 @@ private void hasPermission(EJBComponent ejbComponent, ComponentView componentVie
MethodInterfaceType methodIntfType = componentView.getPrivateData(MethodInterfaceType.class);
EJBMethodPermission permission = createEjbMethodPermission(method, ejbComponent, methodIntfType);
ProtectionDomain domain = new ProtectionDomain (componentView.getProxyClass().getProtectionDomain().getCodeSource(), null, null, getGrantedRoles(securityIdentity));
- Policy policy = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) Policy::getPolicy) : Policy.getPolicy();
- if (!policy.implies(domain, permission)) {
+ PolicyUtil policyUtil = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) PolicyUtil::getPolicyUtil) : PolicyUtil.getPolicyUtil();
+ if (!policyUtil.implies(domain, permission)) {
throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(method,ejbComponent.getComponentName());
}
}
diff --git a/undertow/pom.xml b/undertow/pom.xml
index 6f7bbca5e794..3ef053155b87 100644
--- a/undertow/pom.xml
+++ b/undertow/pom.xml
@@ -260,6 +260,10 @@
org.wildfly.security
wildfly-elytron-ssl
+
+ org.wildfly.security.jakarta
+ jakarta-authorization
+
com.google.guava
guava
diff --git a/undertow/src/main/java/org/wildfly/extension/undertow/security/jacc/JACCAuthorizationManager.java b/undertow/src/main/java/org/wildfly/extension/undertow/security/jacc/JACCAuthorizationManager.java
index 671c3ee19ff6..051c5fe5a884 100644
--- a/undertow/src/main/java/org/wildfly/extension/undertow/security/jacc/JACCAuthorizationManager.java
+++ b/undertow/src/main/java/org/wildfly/extension/undertow/security/jacc/JACCAuthorizationManager.java
@@ -9,7 +9,6 @@
import java.security.CodeSource;
import java.security.Permission;
-import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
@@ -30,6 +29,7 @@
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.SingleConstraintMatch;
import io.undertow.servlet.api.TransportGuaranteeType;
+import org.wildfly.security.authz.jacc.PolicyUtil;
import org.wildfly.security.manager.WildFlySecurityManager;
/**
@@ -125,8 +125,8 @@ private boolean hasPermission(Account account, Deployment deployment, ServletInf
}
private boolean hasPermission(ProtectionDomain domain, Permission permission) {
- Policy policy = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) Policy::getPolicy) : Policy.getPolicy();
- return policy.implies(domain, permission);
+ PolicyUtil policyUtil = WildFlySecurityManager.isChecking() ? doPrivileged((PrivilegedAction) PolicyUtil::getPolicyUtil) : PolicyUtil.getPolicyUtil();
+ return policyUtil.implies(domain, permission);
}
private Principal[] getGrantedRoles(Account account, Deployment deployment) {