5 Replies Latest reply on Oct 19, 2019 1:18 AM by Flavia Rainone

    WildFly 18.0.0.Final: issue with security contraints/url-pattern

    Frank Heldt Newbie

      Hello all,

       

      I've a problem with WildFly 18.0.0.Final:

       

      when deploying a very simple webapp with 2 subfolders ("/area" and "/area51" in this test) I get an exception:

       

      12:38:37,994 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."java-web-project.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service

      at org.jboss.as.security@18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:107)

      at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)

      at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)

      at org.jboss.msc@1.4.11.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)

      at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

      at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)

      at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)

      at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)

      at java.base/java.lang.Thread.run(Thread.java:834)

      Caused by: java.lang.IllegalArgumentException: Invalid prefix pattern in URLPatternList

      at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:308)

      at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:79)

      at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:160)

      at org.wildfly.extension.undertow@18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:303)

      at org.wildfly.extension.undertow@18.0.0.Final//org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)

      at org.jboss.as.security@18.0.0.Final//org.jboss.as.security.service.JaccService.start(JaccService.java:86)

      ... 8 more

       

      The same app under WildFly 17 works as expected.

       

      Naming the 2 folders totally different makes the problem go away,

       

      This is from the web.xml:

       

      <security-constraint>

      <web-resource-collection>

      <web-resource-name>Area</web-resource-name>

      <url-pattern>/area/*</url-pattern>

      </web-resource-collection>

      <auth-constraint>

      <role-name>role1</role-name>

      <role-name>role2</role-name>

      </auth-constraint>

      <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

      </security-constraint>

       

      <security-constraint>

      <web-resource-collection>

      <web-resource-name>Area 51</web-resource-name>

      <url-pattern>/area51/*</url-pattern>

      </web-resource-collection>

      <auth-constraint>

      <role-name>role1</role-name>

      </auth-constraint>

      <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

      </security-constraint>

       

      Does anyone else have this issue?