
    File permission exception with java websocket and wildfly10

    yudhirb

      I'm using WebSocket in Java.
      I get a file permission exception when reading a file after enabling the security manager in WildFly 10. Everything works fine if I do one of the following:

      1. disable security manager in wildfly
      2. use rest API

      But if I use web socket, then it's throwing the exception below. My permissions.xml file has the following permission for file operations but still I get the exception below.

      The file being read is an external file and resides in the system where the application is deployed.

      java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/cWLCPmData_20171203_1.db" "read")" in code source "null" of "null")
          at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java)
          at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java)
          at java.lang.SecurityManager.checkRead(SecurityManager.java)
          at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java)
          at java.io.File.exists(File.java)

      My file permissions in the XML file look like this:

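      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        Deployment permission set (permissions.xml), listed in the order the poster gave it.
        NOTE(review): the AccessControlException quoted in this thread reports a code source
        of "null" of "null". The failing check may therefore be against a protection domain
        other than the one these grants are attached to; confirm from the full stack trace
        before widening any grant below.
      -->
      <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                                       http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd"
                   version="7">

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>com.sun.jersey.core.util.ReaderWriter.BufferSize</name>
          <actions>read</actions>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>shutdownHooks</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getClassLoader</name>
        </permission>

        <!-- Review note: allows reflective access to non-public members; keep only if a
             library in the deployment needs it. -->
        <permission>
          <class-name>java.lang.reflect.ReflectPermission</class-name>
          <name>suppressAccessChecks</name>
        </permission>

        <!-- Review note: this covers every path with every file action, so the sandbox places
             no limit on what the deployment can read, change, delete or execute. Once the
             failing check is understood, scope the grant to the directory that holds the
             database files and to the actions the application actually uses. -->
        <permission>
          <class-name>java.io.FilePermission</class-name>
          <name>&lt;&lt;ALL FILES&gt;&gt;</name>
          <actions>read,write,delete,execute</actions>
        </permission>

        <permission>
          <class-name>javax.management.MBeanServerPermission</class-name>
          <name>*</name>
        </permission>

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>mapAnyUriToUri</name>
          <actions>read</actions>
        </permission>

        <permission>
          <class-name>javax.management.MBeanPermission</class-name>
          <name>*</name>
          <actions>queryNames</actions>
        </permission>

        <permission>
          <class-name>javax.management.MBeanPermission</class-name>
          <name>*</name>
          <actions>registerMBean</actions>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>accessDeclaredMembers</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.CONTROLLER_ID</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.DBServerIP</name>
        </permission>

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>hibernate.enable_specj_proprietary_syntax</name>
          <actions>read</actions>
        </permission>

        <!-- Same grant as the earlier MBeanPermission registerMBean entry. -->
        <permission>
          <class-name>javax.management.MBeanPermission</class-name>
          <name>*</name>
          <actions>registerMBean</actions>
        </permission>

        <!-- Review note: read and write on every system property; this makes the
             single-property read grants in this file redundant. -->
        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>*</name>
          <actions>read,write</actions>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getProtectionDomain</name>
        </permission>

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>ANTLR_DO_NOT_EXIT</name>
          <actions>read</actions>
        </permission>

        <permission>
          <class-name>javax.management.MBeanTrustPermission</class-name>
          <name>*</name>
        </permission>

        <!-- Review note: any host and port, inbound and outbound. Narrow to the endpoints
             the application talks to if the sandbox is meant to restrict network use. -->
        <permission>
          <class-name>java.net.SocketPermission</class-name>
          <name>*</name>
          <actions>accept,connect,listen,resolve</actions>
        </permission>

        <permission>
          <class-name>javax.management.MBeanPermission</class-name>
          <name>*</name>
          <actions>unregisterMBean</actions>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.WLC_PLATFORM</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.NetworkType</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.DeploymentMode</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.Flavor</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.HOSTNAME</name>
        </permission>

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>ANTLR_USE_DIRECT_CLASS_LOADING</name>
          <actions>read</actions>
        </permission>

        <permission>
          <class-name>java.util.PropertyPermission</class-name>
          <name>org.postgresql.forceBinary</name>
          <actions>read</actions>
        </permission>

        <permission>
          <class-name>java.security.SecurityPermission</class-name>
          <name>putProviderProperty.SunJCE</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.SAP_ID</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.NetActSessionId</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>accessClassInPackage.sun.reflect</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>createClassLoader</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>setContextClassLoader</name>
        </permission>

        <permission>
          <class-name>java.net.NetPermission</class-name>
          <name>specifyStreamHandler</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>createSecurityManager</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>loadLibrary.guiaclinterface</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>loadLibrary.guialarminterface</name>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>getenv.BIND_CAPTIVEPORTAL_IP</name>
        </permission>

        <!-- Review note: the wildcard name implies every RuntimePermission target, including
             setSecurityManager and createClassLoader. While it is present, the individually
             named RuntimePermission entries in this file add nothing and the deployment is
             able to replace the security manager. Remove this entry and keep the specific
             ones if the security manager is meant to constrain this deployment. -->
        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>*</name>
        </permission>

        <permission>
          <class-name>org.jboss.vfs.VirtualFilePermission</class-name>
          <name>&lt;&lt;ALL FILES&gt;&gt;</name>
          <actions>getfile</actions>
        </permission>

        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>setFactory</name>
        </permission>

        <!-- RuntimePermission does not use an actions string; the value here is kept as posted. -->
        <permission>
          <class-name>java.lang.RuntimePermission</class-name>
          <name>queuePrintJob</name>
          <actions>*</actions>
        </permission>

      </permissions>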

       

      Any help would be appreciated.

        • 1. Re: File permission exception with java websocket and wildfly10
          jaikiran

          Can you paste the complete stacktrace and the relevant snippet of your code?

           

          P.S: Someone with the right permissions will have to move this thread to WildFly forum.

          • 2. Re: File permission exception with java websocket and wildfly10
            yudhirb

            Hi,

                 I'm using the code below to read SQLite files.

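            /**
             * Builds one Hibernate {@code SessionFactory} for each named SQLite database file that
             * exists under {@code DB_PATH}.
             *
             * <p>Names whose file is missing, or that resolve to a directory, are skipped. If building a
             * factory fails part-way through the list, the factories already built are closed before the
             * failure is rethrown, so a partial failure does not leave open factories behind.
             *
             * @param dbFileNames file names that are appended to {@code DB_PATH}
             * @return the session factories that were created, in input order; never empty
             * @throws Exception if no listed database file exists, or if building a factory fails
             */
            private List<SessionFactory> getSessionFactory(List<String> dbFileNames) throws Exception {
                Logger log = LoggerFactory.getLogger();
                log.entry();

                List<SessionFactory> sessionFactories = new ArrayList<>();
                try {
                    for (String dbFileName : dbFileNames) {
                        log.debug("Creating session factory for DB: " + dbFileName);

                        // NOTE(review): dbFileName goes into a filesystem path and a JDBC URL without
                        // validation. If the names can come from a client (for example over the
                        // WebSocket endpoint), restrict them to plain file names that resolve inside
                        // DB_PATH; confirm against the caller.
                        String dbLocation = DB_PATH + dbFileName;
                        File dbFile = new File(dbLocation);

                        // Under a SecurityManager, File.exists() performs a FilePermission "read" check.
                        // That check must pass for every protection domain on the calling stack, so a
                        // grant to the deployment alone may not be enough when a caller has no code source.
                        if (!dbFile.exists() || dbFile.isDirectory()) {
                            continue;
                        }

                        // URL format: jdbc:sqlite:/home/users.sqlite
                        String dbUrl = "jdbc:sqlite:" + dbLocation;
                        log.debug("Database URL= {}", "<SI " + dbUrl + ">");

                        URL resource =
                                ResourceHelper.class.getClassLoader().getResource("hibernate_cwlc_pm.cfg.xml");
                        if (resource == null) {
                            // Fail with a clear message instead of handing a null URL to Hibernate.
                            throw new IllegalStateException(
                                    "hibernate_cwlc_pm.cfg.xml was not found on the classpath");
                        }

                        SessionFactory sessionFactory = new Configuration().configure(resource)
                                .setProperty("hibernate.connection.url", dbUrl)
                                .buildSessionFactory();

                        log.debug("SessionFactory Creation Completed");
                        sessionFactories.add(sessionFactory);
                    }
                } catch (Exception e) {
                    // Release the factories built so far; the caller never receives them.
                    for (SessionFactory built : sessionFactories) {
                        try {
                            built.close();
                        } catch (RuntimeException closeFailure) {
                            e.addSuppressed(closeFailure);
                        }
                    }
                    throw e;
                }

                if (sessionFactories.isEmpty()) {
                    throw new Exception("PM DB doesn't exist");
                }

                log.exit();
                return sessionFactories;
            }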

             

            The exception is thrown from the part of the code below.

            // File.exists() goes through SecurityManager.checkRead(); per the stack trace quoted
            // earlier in this thread, that is the call where the AccessControlException is raised.
            if (!file.exists() || file.isDirectory())

                        {

                        continue;

                        }

             

            jaikiran