2 Replies Latest reply on Feb 7, 2018 3:30 AM by Yudhir Bhattarai

    File permission exception with java websocket and wildfly10

    Yudhir Bhattarai Newbie

      I'm using web socket in java.
      I'm getting file permission exception while reading a file after enabling security manager in wildfly 10. Everything works fine if I do one of the following:

      1. disable security manager in wildfly
      2. use rest API

      But if I use web socket, then it's throwing the exception below. My permissions.xml file has the following permission for file operations but still I get the exception below.

      The file being read is an external file and resides in the system where the application is deployed.

      java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/cWLCPmData_20171203_1.db" "read")" in code source "null" of "null") at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java) at java.lang.SecurityManager.checkRead(SecurityManager.java) at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java) at java.io.File.exists(File.java) my file permission in the xml file looks like below:

      <?xml version="1.0" encoding="UTF-8"?>
      <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee"
        xmlns
      :xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi
      :schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
        http
      ://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd"
        version
      ="7">
        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>com.sun.jersey.core.util.ReaderWriter.BufferSize</name>
        
      <actions>read</actions>
        
      </permission>
        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>shutdownHooks</name>
        
      </permission>
        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getClassLoader</name>
        
      </permission>
        
      <permission>
        
      <class-name>java.lang.reflect.ReflectPermission</class-name>
        
      <name>suppressAccessChecks</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.io.FilePermission</class-name>
        
      <name>&lt;&lt;ALL FILES&gt;&gt;</name>
        
      <actions>read,write,delete,execute</actions>
        
      </permission>
        
      <permission>
        
      <class-name>javax.management.MBeanServerPermission</class-name>
        
      <name>*</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>mapAnyUriToUri</name>
        
      <actions>read</actions>
        
      </permission>

        
      <permission>
        
      <class-name>javax.management.MBeanPermission</class-name>
        
      <name>*</name>
        
      <actions>queryNames</actions>
        
      </permission>

        
      <permission>
        
      <class-name>javax.management.MBeanPermission</class-name>
        
      <name>*</name>
        
      <actions>registerMBean</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>accessDeclaredMembers</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.CONTROLLER_ID</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.DBServerIP</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>hibernate.enable_specj_proprietary_syntax</name>
        
      <actions>read</actions>
        
      </permission>

        
      <permission>
        
      <class-name>javax.management.MBeanPermission</class-name>
        
      <name>*</name>
        
      <actions>registerMBean</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>*</name>
        
      <actions>read,write</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getProtectionDomain</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>ANTLR_DO_NOT_EXIT</name>
        
      <actions>read</actions>
        
      </permission>

        
      <permission>
        
      <class-name>javax.management.MBeanTrustPermission</class-name>
        
      <name>*</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.net.SocketPermission</class-name>
        
      <name>*</name>
        
      <actions>accept,connect,listen,resolve</actions>
        
      </permission>

        
      <permission>
        
      <class-name>javax.management.MBeanPermission</class-name>
        
      <name>*</name>
        
      <actions>unregisterMBean</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.WLC_PLATFORM</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.NetworkType</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.DeploymentMode</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.Flavor</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.HOSTNAME</name>
        
      </permission>


        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>ANTLR_USE_DIRECT_CLASS_LOADING</name>
        
      <actions>read</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.util.PropertyPermission</class-name>
        
      <name>org.postgresql.forceBinary</name>
        
      <actions>read</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.security.SecurityPermission</class-name>
        
      <name>putProviderProperty.SunJCE</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.SAP_ID</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.NetActSessionId</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>accessClassInPackage.sun.reflect</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>createClassLoader</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>setContextClassLoader</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.net.NetPermission</class-name>
        
      <name>specifyStreamHandler</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>createSecurityManager</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>loadLibrary.guiaclinterface</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>loadLibrary.guialarminterface</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>getenv.BIND_CAPTIVEPORTAL_IP</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>*</name>
        
      </permission>

        
      <permission>
        
      <class-name>org.jboss.vfs.VirtualFilePermission</class-name>
        
      <name>&lt;&lt;ALL FILES&gt;&gt;</name>
        
      <actions>getfile</actions>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>setFactory</name>
        
      </permission>

        
      <permission>
        
      <class-name>java.lang.RuntimePermission</class-name>
        
      <name>queuePrintJob</name>
        
      <actions>*</actions>
        
      </permission>

      </permissions>

       

      Any help would be appreciated.

        • 1. Re: File permission exception with java websocket and wildfly10
          jaikiran pai Master

          Can you paste the complete stacktrace and the relevant snippet of your code?

           

          P.S: Someone with the right permissions will have to move this thread to WildFly forum.

          • 2. Re: File permission exception with java websocket and wildfly10
            Yudhir Bhattarai Newbie

            Hi,

                 I'm using the code below, to read sqlite files.

            private List<SessionFactory> getSessionFactory(List<String> dbFileNames) throws Exception {

                    Logger log = LoggerFactory.getLogger();

                    log.entry();

                   

                    List<SessionFactory> sessionFactories = new ArrayList<>();

                   

                    for(String dbFileName : dbFileNames)

                    {

                        log.debug("Creating session factory for DB: " + dbFileName);

                        String PM_DB_LOCATION = DB_PATH + dbFileName;

                        File file = new File(PM_DB_LOCATION);

                        if (!file.exists() || file.isDirectory())

                        {

                        continue;

                        }

                        // url format

                        // jdbc:sqlite:/home/users.sqlite

                        String Dburl = "jdbc:sqlite:" + PM_DB_LOCATION;

             

             

                        log.debug("Database URL= {}", "<SI " + Dburl + ">");

                        URL resource =

                                ResourceHelper.class.getClassLoader().getResource("hibernate_cwlc_pm.cfg.xml");

             

             

                        SessionFactory sessionFactory = new Configuration().configure(resource)

                        .setProperty("hibernate.connection.url", Dburl).buildSessionFactory();

                       

                       

                        log.debug("SessionFactory Creation Completed");

                        sessionFactories.add(sessionFactory);

                    }

                   

                    if (sessionFactories.isEmpty()) {

                        throw new Exception("PM DB doesn't exist");

                    }

             

             

                    log.exit();

                    return sessionFactories;

                }

             

            Exception is thrown from below part of the code.

            if (!file.exists() || file.isDirectory())

                        {

                        continue;

                        }

             

            jaikiran