Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,362,507
Community Members
 
Community Events
168
Community Groups

bamboo specs automatically running with permission denied

Whenever I push a bamboo spec plan to bamboo server and it attempts to automatically load the plan, it fails due to the following error:

[ERROR] Failed to execute goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run (default-cli) on project bamboo-specs: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run failed: access denied ("java.lang.RuntimePermission" "getProtectionDomain") -> [Help 1]

When the plans run automatically, i notice to maven it passes -Dspecs.useSecurityManager=true.

If I log into the build server, clone the repo and run this command by hand, it fails just as above.  If I set useSecurityManager=false though and provide a .credentials file, everything works fine.

What does this setting do and how can I fix it so that plans pushed on the monitored branch actually update automatically?  I have the repository configured in bitbucket with SSH keys enabled and the build account can clone / update the repository just fine for everything else.

1 answer

1 vote

Bamboo has custom SecurityManager to avoid malicious Java code to be executed at Java VM of Bamboo Server. It looks like your Bamboo Specs code tries to use forbidden methods. If you believe you need it this code to be executed at Bamboo consider to use Docker to run Bamboo Specs or turn off Security Manager.

It can be done at Administration > Security configuration

I'm running Bamboo 6.6.1 and the options available do not match the documentation.  The options are Enable Repository Stored Specs and Process Bamboo Specs in Docker.  There is no "Enable secure Specs processing" option as documented.

This server does not have internet access, and does not have docker.  Installing docker and creating a local docker image share is not possible as getting authorization for all of that in our build environment will take forever.

Further, can you elaborate on "forbidden methods"?  The build is pretty basic and does not do the things mentioned in the docs.  The main() method is unchanged from the auto-generated one.

Thanks for you environment details.

I think it's better to continue discussion at support ticket to gather more details about code, operation system and Java version you use. Please raise a support request at support.atlassian.com

Has this been solved somehow? Is there any workaround?

I just encountered same issue in bamboo server 6.10.4 (only difference is that in my case it is "java.lang.RuntimePermission" "accessDeclaredMembers") and it seems that running in build specs in docker setting does not help as it obviously uses same security manager.

Is there some way how to make it work? 

 

Thanks

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events