WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp in JBoss EAP 7

Solution Unverified - Updated 14 Jun 2024

Environment

Red Hat JBoss Enterprise Application Platform (EAP)
- 7.2
- 7.3

Issue

We have the security manager enabled and when we access a servlet that tries to use the RequestDispatcher to forward to a jsp, it is failing without error. With io.undertow debug enabled we can see:

2020-04-16 14:46:55,390 DEBUG [io.undertow.request] (default task-1) Invalid path forward.jsp: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jboss/jboss-eap-7.2/standalone/tmp" "read")" in code source "(vfs:/content/JBEAP-19256.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.JBEAP-19256.war" from Service Module Loader")
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:307)
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:204)
  at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
  at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:372)
  at sun.nio.fs.UnixPath.checkRead(UnixPath.java:795)
  at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:49)
  at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
  at java.nio.file.Files.readAttributes(Files.java:1737)
  at java.nio.file.Files.isSymbolicLink(Files.java:2153)
  at io.undertow.server.handlers.resource.PathResourceManager.getSymlinkBase(PathResourceManager.java:309)
  at io.undertow.server.handlers.resource.PathResourceManager.getResource(PathResourceManager.java:218)
  at org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource(ServletResourceManager.java:74)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:114)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:32)
  at io.undertow.servlet.handlers.ServletPathMatches.getServletHandlerByPath(ServletPathMatches.java:96)
  at io.undertow.servlet.spec.RequestDispatcherImpl.<init>(RequestDispatcherImpl.java:74)
  at io.undertow.servlet.spec.ServletContextImpl.getRequestDispatcher(ServletContextImpl.java:334)
  at com.redhat.examples.servlet.Servlet.doPost(Servlet.java:51)
  ...

Resolution

A bug was opened to fix the issue This content is not included.JBEAP-19256 which is addressed at EAP version 7.2.9 and 7.3.2

Workaround

Deploying the application exploded in the deployments directory avoids the issue.

Root Cause

This content is not included.JBEAP-19256 - WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp

SBR

Product(s)

Red Hat JBoss Enterprise Application Platform

Components

jbossas

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.