WFSM000001: Permission check failed ... FilePermission when Security Manager enabled and Web App tries to forward to jsp in JBoss EAP 7

Solution Unverified - Updated -

Issue

  • We have the security manager enabled and when we access a servlet that tries to use the RequestDispatcher to forward to a jsp, it is failing without error. With io.undertow debug enabled we can see:
2020-04-16 14:46:55,390 DEBUG [io.undertow.request] (default task-1) Invalid path forward.jsp: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jboss/jboss-eap-7.2/standalone/tmp" "read")" in code source "(vfs:/content/JBEAP-19256.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.JBEAP-19256.war" from Service Module Loader")
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:307)
  at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:204)
  at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
  at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:372)
  at sun.nio.fs.UnixPath.checkRead(UnixPath.java:795)
  at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:49)
  at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
  at java.nio.file.Files.readAttributes(Files.java:1737)
  at java.nio.file.Files.isSymbolicLink(Files.java:2153)
  at io.undertow.server.handlers.resource.PathResourceManager.getSymlinkBase(PathResourceManager.java:309)
  at io.undertow.server.handlers.resource.PathResourceManager.getResource(PathResourceManager.java:218)
  at org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource(ServletResourceManager.java:74)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:114)
  at io.undertow.server.handlers.resource.CachingResourceManager.getResource(CachingResourceManager.java:32)
  at io.undertow.servlet.handlers.ServletPathMatches.getServletHandlerByPath(ServletPathMatches.java:96)
  at io.undertow.servlet.spec.RequestDispatcherImpl.<init>(RequestDispatcherImpl.java:74)
  at io.undertow.servlet.spec.ServletContextImpl.getRequestDispatcher(ServletContextImpl.java:334)
  at com.redhat.examples.servlet.Servlet.doPost(Servlet.java:51)
  ...

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.2
    • 7.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content