[jboss-jira] [JBoss JIRA] (WFLY-13044) WFLYSEC0012 Error in web.xml with similar Patterns

Franco Gimenez (Jira) issues at jboss.org
Fri Jan 31 08:41:47 EST 2020


     [ https://issues.redhat.com/browse/WFLY-13044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Franco Gimenez updated WFLY-13044:
----------------------------------
    Description: 
There is a problem when two constraints limit access to the same resource with extension patterns and an exact pattern. 

In our web.xml we have two constraints: one limiting access to all resources and the other allowing access to certain files. 

This is the web.xml to test the error:

 !image-2020-01-31-10-28-27-872.png|thumbnail! 

The problem happens when the "*.htm" pattern is evaluated inside the jboss-jacc-api_1.5 lib. It tries to match "/index.html" against the "*.htm" pattern; when the *"implies"* function returns false, it throws the exception. 

The log is: 


{code:java}
2020-01-30 18:44:38,293 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 77) WFLYUT0021: Registered web context: '/issue-reproducer-1.0.0.Final-SNAPSHOT' for server 'default-server'
2020-01-30 18:44:38,302 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
	at org.jboss.as.security.service.JaccService.start(JaccService.java:107)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList
	at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314)
	at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
	at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287)
	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
	at org.jboss.as.security.service.JaccService.start(JaccService.java:86)
	... 8 more
{code}

I have attached a test project and the complete log from my environment.

With WildFly 17 there is no error. 

  was:
There is a problem when two constraints limit access to the same resource with extension patterns and an exact pattern. 

In our web.xml we have two constraints: one limiting access to all resources and the other allowing access to certain files. 

This is the web.xml to test the error:

 !image-2020-01-31-10-28-27-872.png|thumbnail! 

The problem happens when the "*.htm" pattern is evaluated inside the jboss-jacc-api_1.5 lib. It tries to match "/index.html" against the "*.htm" pattern; when the implies function returns false, it throws the exception. 

The log is: 


{code:java}
2020-01-30 18:44:38,293 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 77) WFLYUT0021: Registered web context: '/issue-reproducer-1.0.0.Final-SNAPSHOT' for server 'default-server'
2020-01-30 18:44:38,302 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
	at org.jboss.as.security.service.JaccService.start(JaccService.java:107)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList
	at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314)
	at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
	at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287)
	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
	at org.jboss.as.security.service.JaccService.start(JaccService.java:86)
	... 8 more
{code}

I have attached a test project and the complete log from my environment.

With WildFly 17 there is no error. 



> WFLYSEC0012 Error in web.xml with similar Patterns
> --------------------------------------------------
>
>                 Key: WFLY-13044
>                 URL: https://issues.redhat.com/browse/WFLY-13044
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 18.0.0.Final, 18.0.1.Final, 19.0.0.Beta1
>            Reporter: Franco Gimenez
>            Assignee: Flavia Rainone
>            Priority: Major
>         Attachments: app.zip, image-2020-01-31-10-28-27-872.png, server.log.zip, web.xml.zip
>
>
> There is a problem when two constraints limit access to the same resource with extension patterns and an exact pattern. 
> In our web.xml we have two constraints: one limiting access to all resources and the other allowing access to certain files. 
> This is the web.xml to test the error:
>  !image-2020-01-31-10-28-27-872.png|thumbnail! 
> The problem happens when the "*.htm" pattern is evaluated inside the jboss-jacc-api_1.5 lib. It tries to match "/index.html" against the "*.htm" pattern; when the *"implies"* function returns false, it throws the exception. 
> The log is: 
> {code:java}
> 2020-01-30 18:44:38,293 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 77) WFLYUT0021: Registered web context: '/issue-reproducer-1.0.0.Final-SNAPSHOT' for server 'default-server'
> 2020-01-30 18:44:38,302 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
> 	at org.jboss.as.security.service.JaccService.start(JaccService.java:107)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
> 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList
> 	at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314)
> 	at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
> 	at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
> 	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287)
> 	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
> 	at org.jboss.as.security.service.JaccService.start(JaccService.java:86)
> 	... 8 more
> {code}
> I have attached a test project and the complete log from my environment.
> With WildFly 17 there is no error. 



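The check behind "Invalid exact pattern in URLPatternList", as an added example that is not part of the original report and is not the jboss-jacc-api or WildFly source. It is a simplified model of the qualifier rules the JACC WebResourcePermission javadoc gives for a URLPatternSpec (first pattern, then a colon-separated list of patterns excluded from it). The class name, method names, rejection messages and sample specs are constructed; the reporter's web.xml is only available as an attached image.

```java
import java.util.Arrays;

// Added illustration: simplified model of the JACC URLPatternSpec qualifier
// rules. All names and messages here are hypothetical, not library code.
public class UrlPatternSpecCheck {
    enum Kind { DEFAULT, EXTENSION, PREFIX, EXACT }

    static Kind kindOf(String p) {
        if (p.equals("/")) return Kind.DEFAULT;
        if (p.startsWith("*.")) return Kind.EXTENSION;
        if (p.startsWith("/") && p.endsWith("/*")) return Kind.PREFIX;
        return Kind.EXACT;
    }

    // True when 'first' matches the exact or path-prefix pattern 'q'.
    static boolean matches(String first, String q) {
        String path = kindOf(q) == Kind.PREFIX ? q.substring(0, q.length() - 2) : q;
        switch (kindOf(first)) {
            case DEFAULT:   return true;
            case EXTENSION: return kindOf(q) == Kind.EXACT && path.endsWith(first.substring(1));
            case PREFIX:
                String base = first.substring(0, first.length() - 2);
                return path.equals(base) || path.startsWith(base + "/");
            default:        return first.equals(q);
        }
    }

    // Returns null when the spec is well formed, otherwise why it is rejected.
    static String validate(String spec) {
        String[] parts = spec.split(":");
        String first = parts[0];
        Kind fk = kindOf(first);
        for (String q : Arrays.copyOfRange(parts, 1, parts.length)) {
            Kind qk = kindOf(q);
            if (fk == Kind.EXACT) return "an exact pattern cannot carry qualifiers";
            if (qk == Kind.DEFAULT || q.equals(first)) return q + " matches the first pattern";
            if (qk == Kind.EXTENSION && fk != Kind.DEFAULT) return "extension qualifier " + q + " not allowed";
            // The case in the report: an exact qualifier the first pattern does not match.
            if (qk == Kind.EXACT && !matches(first, q)) return "exact qualifier " + q + " not matched by " + first;
            if (qk == Kind.PREFIX && fk == Kind.PREFIX && !matches(first, q)) return "prefix qualifier " + q + " not matched by " + first;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed specs, not taken from the reporter's web.xml.
        for (String spec : new String[] {"*.htm:/index.html", "*.htm:/index.htm", "/:/index.html:*.htm", "/app/*:/app/open/*"}) {
            String err = validate(spec);
            System.out.println(spec + " -> " + (err == null ? "accepted" : "rejected: " + err));
        }
    }
}
```

A qualifier list is only valid when every exact qualifier falls inside the first pattern, so code that builds permission names from overlapping constraints has to filter qualifiers per pattern rather than attach every exact URL to every extension pattern.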