[jboss-jira] [JBoss JIRA] (WFLY-13392) WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp
Lin Gao (Jira)
issues at jboss.org
Wed Apr 22 04:57:00 EDT 2020
[ https://issues.redhat.com/browse/WFLY-13392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lin Gao updated WFLY-13392:
---------------------------
Git Pull Request: https://github.com/wildfly/wildfly/pull/13232, https://github.com/undertow-io/undertow/pull/883 (was: https://github.com/undertow-io/undertow/pull/883)
> WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp
> ------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-13392
> URL: https://issues.redhat.com/browse/WFLY-13392
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Lin Gao
> Assignee: Lin Gao
> Priority: Major
> Labels: downstream_dependency
>
> When the security manager is enabled and a Servlet tries to use the RequestDispatcher to forward to a jsp, it fails silently even when the security manager permission for the VFS directory is granted.
> It looks like it may be running under the wrong security context when the security manager is invoked.
> {code}
> 2020-04-16 14:46:55,390 DEBUG [io.undertow.request] (default task-1) Invalid path forward.jsp: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jboss/jboss-eap-7.2/standalone/tmp" "read")" in code source "(vfs:/content/JBEAP-19256.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.JBEAP-19256.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:307)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:204)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:372)
> at sun.nio.fs.UnixPath.checkRead(UnixPath.java:795)
> at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:49)
> at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
> at java.nio.file.Files.readAttributes(Files.java:1737)
> at java.nio.file.Files.isSymbolicLink(Files.java:2153)
> at io.undertow.server.handlers.resource.PathResourceManager.getSymlinkBase(PathResourceManager.java:309)
> at io.undertow.server.handlers.resource.PathResourceManager.getResource(PathResourceManager.java:218)
> at org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource(ServletResourceManager.java:74)
> at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:114)
> at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:32)
> at io.undertow.servlet.handlers.ServletPathMatches.getServletHandlerByPath(ServletPathMatches.java:96)
> at io.undertow.servlet.spec.RequestDispatcherImpl.<init>(RequestDispatcherImpl.java:74)
> at io.undertow.servlet.spec.ServletContextImpl.getRequestDispatcher(ServletContextImpl.java:334)
> at com.redhat.examples.servlet.Servlet.doPost(Servlet.java:51)
> at com.redhat.examples.servlet.Servlet.doGet(Servlet.java:40)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:686)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:105)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:102)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list