WFLYSEC0012 Error in web.xml with similar Patterns
franeg95 Jan 30, 2020 4:46 PMHi everyone.
We have at present a web application working under wildfly 10. We are trying to migrate it to Wildfly 18 but a error is showed while deploying the application.
The error is:
15:38:35,058 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: org.jboss.msc.service.StartException in service jboss.deployment.unit."issue-reproducer-1.0.0.Final-SNAPSHOT.war".jboss.security.jacc: WFLYSEC0012: Unable to start the JaccService service at org.jboss.as.security.service.JaccService.start(JaccService.java:107) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701) at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: Invalid exact pattern in URLPatternList at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:314) at javax.security.jacc.URLPatternSpec.(URLPatternSpec.java:79) at javax.security.jacc.WebResourcePermission.(WebResourcePermission.java:160) at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:287) at org.wildfly.extension.undertow.security.jacc.WarJACCService.createPermissions(WarJACCService.java:64) at org.jboss.as.security.service.JaccService.start(JaccService.java:86) ... 8 more
That happens while the app is deploying. Finally the deploy is marked as failed and then a rollback is done.
Looking at ours web.xml (have a "ear" app with 7 "war" modules) and debuging the lib (jboss-jacc-api_1.5), we found a pattern that broke the init.
We generate a example app with a web.xml with that pattern and also fails .
In our web app, and in the example, we create two Security Constraint. One blocks everything, we need that none file can be seen. The second permit access to especific files, that can be evaluated with the two patterns. However the pattern that brokes and makes the error is "*.htm" while it tries to evaluate if "/index.html" implies it. I found that while debugging the lib.
The example it is simple, but in our app can be more complex as we have constraint for "*.js" "*.jsp" while allowing certain roles to use it, and this is a big problem.
I hope that problem is well explained, if not, please ask me for more information.
Thanks for all.
Extra info:
We tested the problem in the following enviroments:
With error
Wildfly: 18.0.0.Final / 18.0.1.Final / 19.0.0.Beta1
Without error
Wildfly: 10.1.0.Final / 17.0.1.Final
Mensaje editado por: Franco Gimenez Added server.log
-
app.zip 4.7 KB
-
web.xml.zip 957 bytes
-
server.log.zip 4.8 KB