Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

bamboo specs automatically running with permission denied

Whenever I push a bamboo spec plan to bamboo server and it attempts to automatically load the plan, it fails due to the following error:

[ERROR] Failed to execute goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run (default-cli) on project bamboo-specs: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.3.2:run failed: access denied ("java.lang.RuntimePermission" "getProtectionDomain") -> [Help 1]

When the plans run automatically, i notice to maven it passes -Dspecs.useSecurityManager=true.

If I log into the build server, clone the repo and run this command by hand, it fails just as above.  If I set useSecurityManager=false though and provide a .credentials file, everything works fine.

What does this setting do and how can I fix it so that plans pushed on the monitored branch actually update automatically?  I have the repository configured in bitbucket with SSH keys enabled and the build account can clone / update the repository just fine for everything else.

1 answer

1 vote

Bamboo has custom SecurityManager to avoid malicious Java code to be executed at Java VM of Bamboo Server. It looks like your Bamboo Specs code tries to use forbidden methods. If you believe you need it this code to be executed at Bamboo consider to use Docker to run Bamboo Specs or turn off Security Manager.

It can be done at Administration > Security configuration

I'm running Bamboo 6.6.1 and the options available do not match the documentation.  The options are Enable Repository Stored Specs and Process Bamboo Specs in Docker.  There is no "Enable secure Specs processing" option as documented.

This server does not have internet access, and does not have docker.  Installing docker and creating a local docker image share is not possible as getting authorization for all of that in our build environment will take forever.

Further, can you elaborate on "forbidden methods"?  The build is pretty basic and does not do the things mentioned in the docs.  The main() method is unchanged from the auto-generated one.

Thanks for you environment details.

I think it's better to continue discussion at support ticket to gather more details about code, operation system and Java version you use. Please raise a support request at support.atlassian.com

Has this been solved somehow? Is there any workaround?

I just encountered same issue in bamboo server 6.10.4 (only difference is that in my case it is "java.lang.RuntimePermission" "accessDeclaredMembers") and it seems that running in build specs in docker setting does not help as it obviously uses same security manager.

Is there some way how to make it work? 

 

Thanks

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.1 is here and is packed with value!

I'm happy to announce that Bamboo 7.1 has been released and it’s overflowing with awesome new features. Top-voted issues First and foremost, a bunch of JAC top voted issues has been delivered - y...

622 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you