[jboss-jira] [JBoss JIRA] (WFLY-12655) Exception with web.xml url-pattern
Petri Tuomaala (Jira)
issues at jboss.org
Thu Oct 17 15:37:00 EDT 2019
[ https://issues.jboss.org/browse/WFLY-12655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13801236#comment-13801236 ]
Petri Tuomaala commented on WFLY-12655:
---------------------------------------
Not sure if this is related. We get little different exception than from the bug description. Our exception is: WFLYSEC0012: Unable to start the JaccService service Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList. Same config works on WLF17. Our security constraint is like this:
{code:xml}
<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>BASIC_ROLE</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resources and login</web-resource-name>
<url-pattern>/images/*</url-pattern>
<url-pattern>/fonts/*</url-pattern>
<url-pattern>/css/*</url-pattern>
<url-pattern>/js/*</url-pattern>
<url-pattern>/v/*</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>/jsp/substitute/SMS/smsResponse.jsp</url-pattern>
<url-pattern>/jsp/forgot_password.faces</url-pattern>
<url-pattern>/jsp/forgot_password_sent.faces</url-pattern>
<url-pattern>/jsp/create_password.faces</url-pattern>
<url-pattern>/jsp/recruitment/direct.faces</url-pattern>
<url-pattern>/javax.faces.resource/oamSubmit.js.faces</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public services</web-resource-name>
<url-pattern>/services/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
{code}
> Exception with web.xml url-pattern
> ----------------------------------
>
> Key: WFLY-12655
> URL: https://issues.jboss.org/browse/WFLY-12655
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 18.0.0.Final
> Reporter: Frank Heldt
> Assignee: Flavia Rainone
> Priority: Blocker
> Fix For: 19.0.0.Beta1
>
>
> Defining and securing 2 folders in a war with similar names given this Exception on deployment:
> {code}
> 12:38:37,994 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
> at org.jboss.as.security at 18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:107)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
> at org.jboss.msc at 1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads at 2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.lang.IllegalArgumentException: Invalid prefix pattern in URLPatternList
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:308)
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
> at javax.security.jacc.api at 2.0.0.Final//javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
> at org.wildfly.extension.undertow at 18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:303)
> at org.wildfly.extension.undertow at 18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
> at org.jboss.as.security at 18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:86)
> ... 8 more
> {code}
> This is the corresponding part of the web.xml:
> {code}
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Area</web-resource-name>
> <url-pattern>/area/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>role1</role-name>
> <role-name>role2</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Area 51</web-resource-name>
> <url-pattern>/area51/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>role1</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> {code}
> Looks like this only happens when the url-pattern starts with the same characters (eg /area/* and /area51/*).
> The same war under WildFly 17.0.1 works as expected.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list