4 Replies Latest reply on Jan 31, 2020 8:41 AM by franeg95

    WFLYSEC0012 Error in web.xml with similar Patterns

    franeg95
    franeg95 Jan 30, 2020 4:46 PM

      Hi everyone.

       

      We have at present a web application working under wildfly 10. We are trying to migrate it to Wildfly 18 but a error is showed while deploying the application.

       

      The error is:

       

      15:38:35,058 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service
at org.jboss.as.security.service.JaccService.start(JaccService.java:107)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList
at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314)
at javax.security.jacc.URLPatternSpec.(URLPatternSpec.java:79)
at javax.security.jacc.WebResourcePermission.(WebResourcePermission.java:160)
at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287)
at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64)
at org.jboss.as.security.service.JaccService.start(JaccService.java:86)
... 8 more

       

      That happens while the app is deploying. Finally the deploy is marked as failed and then a rollback is done.

       

      Looking at ours web.xml (have a "ear" app with 7 "war" modules) and debuging the lib (jboss-jacc-api_1.5), we found a pattern that broke the init.

      We generate a example app with a web.xml with that pattern and also fails .

       

      In our web app, and in the example, we create two Security Constraint. One blocks everything, we need that none file can be seen. The second permit access to especific files, that can be evaluated with the two patterns. However the pattern that brokes and makes the error is "*.htm" while it tries to evaluate if "/index.html" implies it. I found that while debugging the lib.

       

       

      The example it is simple, but in our app can be more complex as we have constraint for "*.js" "*.jsp" while allowing certain roles to use it, and this is a big problem.

       

      I hope that problem is well explained, if not, please ask me for more information.

      Thanks for all.

       

      Extra info:

       

      We tested the problem in the following enviroments:

       

      With error

       

      Wildfly: 18.0.0.Final / 18.0.1.Final  / 19.0.0.Beta1

       

      Without error

       

      Wildfly: 10.1.0.Final / 17.0.1.Final

       

      Mensaje editado por: Franco Gimenez Added server.log