Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-13044

WFLYSEC0012 Error in web.xml with similar Patterns

XMLWordPrintable

    • Hide

      Make two constraint, one deny access to all resources (with extension pattern and similar extension like "*.html", "*.htm", or "*.jsp", "*.js") and other allowing access to certain resource like "/index.html".
      Start the application and see the error .

      Show
      Make two constraint, one deny access to all resources (with extension pattern and similar extension like " * .html", " * .htm", or " * .jsp", " * .js") and other allowing access to certain resource like "/index.html". Start the application and see the error .
    • Migration

      There are a problem while two constraints are limiting the access to the same resource with extensión patterns and exact pattern.

      In our web.xml we have two constraints. One limiting the access to all resources and other allowing access to certain files.

      This is the web.xml to test the error:

      The problem happens when the "*.htm" is evaluated inside of the jboss-jacc-api_1.5 lib. It tries to match "/index.html" against "*.htm" pattern, when the "implies" function returns false, it throws the exception.

      The log is:

      2020-01-30 18:44:38,293 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 77) WFLYUT0021: Registered web context: '/issue-reproducer-1.0.0.Final-SNAPSHOT' for server 'default-server'
      2020-01-30 18:44:38,302 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
      	at org.jboss.as.security.service.JaccService.start(JaccService.java:107)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
      	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList
      	at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314)
      	at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)
      	at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)
      	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287)
      	at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
      	at org.jboss.as.security.service.JaccService.start(JaccService.java:86)
      	... 8 more
      

      I add a test project and the complete log in my environment.

      With Wildfly 17 there are not error.

        1. app.zip
          5 kB
        2. image-2020-01-31-10-28-27-872.png
          image-2020-01-31-10-28-27-872.png
          51 kB
        3. server.log.zip
          5 kB
        4. web.xml.zip
          0.9 kB

            mpetrov@redhat.com Michal Petrov
            franloop Franco Gimenez (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: