Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

bamboo specs automatically running with permission denied

Chris Johnston July 16, 2018

Whenever I push a bamboo spec plan to bamboo server and it attempts to automatically load the plan, it fails due to the following error:

[ERROR] Failed to execute goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run (default-cli) on project bamboo-specs: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run failed: access denied ("java.lang.RuntimePermission" "getProtectionDomain") -> [Help 1]

When the plans run automatically, i notice to maven it passes -Dspecs.useSecurityManager=true.

If I log into the build server, clone the repo and run this command by hand, it fails just as above.  If I set useSecurityManager=false though and provide a .credentials file, everything works fine.

What does this setting do and how can I fix it so that plans pushed on the monitored branch actually update automatically?  I have the repository configured in bitbucket with SSH keys enabled and the build account can clone / update the repository just fine for everything else.

1 answer

1 vote
Alexey Chystoprudov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 16, 2018

Bamboo has custom SecurityManager to avoid malicious Java code to be executed at Java VM of Bamboo Server. It looks like your Bamboo Specs code tries to use forbidden methods. If you believe you need it this code to be executed at Bamboo consider to use Docker to run Bamboo Specs or turn off Security Manager.

It can be done at Administration > Security configuration

Chris Johnston July 17, 2018

I'm running Bamboo 6.6.1 and the options available do not match the documentation.  The options are Enable Repository Stored Specs and Process Bamboo Specs in Docker.  There is no "Enable secure Specs processing" option as documented.

This server does not have internet access, and does not have docker.  Installing docker and creating a local docker image share is not possible as getting authorization for all of that in our build environment will take forever.

Further, can you elaborate on "forbidden methods"?  The build is pretty basic and does not do the things mentioned in the docs.  The main() method is unchanged from the auto-generated one.

Alexey Chystoprudov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 17, 2018

Thanks for you environment details.

I think it's better to continue discussion at support ticket to gather more details about code, operation system and Java version you use. Please raise a support request at support.atlassian.com

Lukas_Lipavsky
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 9, 2020

Has this been solved somehow? Is there any workaround?

I just encountered same issue in bamboo server 6.10.4 (only difference is that in my case it is "java.lang.RuntimePermission" "accessDeclaredMembers") and it seems that running in build specs in docker setting does not help as it obviously uses same security manager.

Is there some way how to make it work? 

 

Thanks

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events