[jboss-jira] [JBoss JIRA] (WFLY-12655) Exception with web.xml url-pattern

Brian Stansberry (Jira) issues at jboss.org
Wed Oct 16 23:26:00 EDT 2019 

    [ https://issues.jboss.org/browse/WFLY-12655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13800748#comment-13800748 ] 

Brian Stansberry commented on WFLY-12655:
-----------------------------------------

[~flavia.rainone] [~dlofthouse] [~jamezp] This seems like a possible CD 18 blocker. It's a regression, it seems fairly easy to hit (the reporter isn't doing anything terribly exotic and on the forum another user said they hit it too), and the problematic WarJACCService is going to get installed any time the legacy security subsystem is present.

> Exception with web.xml url-pattern
> ----------------------------------
>
>                 Key: WFLY-12655
>                 URL: https://issues.jboss.org/browse/WFLY-12655
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 18.0.0.Final
>            Reporter: Frank Heldt
>            Assignee: Flavia Rainone
>            Priority: Major
>
> Defining and securing 2 folders in a war with similar names given this Exception on deployment:
> 12:38:37,994 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
> at org.jboss.as.security at 18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:107)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.lang.IllegalArgumentException: Invalid prefix pattern in URLPatternList
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:308)
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
> at org.wildfly.extension.undertow at 18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:303)
> at org.wildfly.extension.undertow at 18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
> at org.jboss.as.security at 18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:86)
> ... 8 more
> This is the corresponding part of the web.xml:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Area</web-resource-name>
>     <url-pattern>/area/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>role1</role-name>
>     <role-name>role2</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Area 51</web-resource-name>
>     <url-pattern>/area51/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>role1</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> Looks like this only happens when the url-pattern starts with the same characters (eg /area/* and /area51/*).
> The same war under WildFly 17.0.1 works as expected.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list