Hello all,

I've a problem with WildFly 18.0.0.Final:

when deploying a very simple webapp with 2 subfolders ("/area" and "/area51" in this test) I get an exception:

12:38:37,994 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service

at org.jboss.as.security@18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:107)

at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)

at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)

at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)

at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)

at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)

at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)

at java.base/java.lang.Thread.run(Thread.java:834)

Caused by: java.lang.IllegalArgumentException: Invalid prefix pattern in URLPatternList

at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:308)

at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)

at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)

at org.wildfly.extension.undertow@18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:303)

at org.wildfly.extension.undertow@18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)

at org.jboss.as.security@18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:86)

... 8 more

The same app under WildFly 17 works as expected.

Naming the 2 folders totally different makes the problem go away,

This is from the web.xml:

<security-constraint>

<web-resource-collection>

<web-resource-name>Area</web-resource-name>

<url-pattern>/area/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>role1</role-name>

<role-name>role2</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

<security-constraint>

<web-resource-collection>

<web-resource-name>Area 51</web-resource-name>

<url-pattern>/area51/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>role1</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

Does anyone else have this issue?