0

I am trying to deploy GeoServer 2.21.4 in JBoss EAP 7.4.9 with Java 11. The GeoServer application fails to deploy when Java Security Manager is turned on.

I have been using the same Geoserver/JBoss versions on Java 8 successfully with Java Security Manager turned on with the following environment:

Java 8 environament:
Oracle JRE 1.8.0_351
JBoss EAP 7.4.9
GeoServer 2.21.4
Windows 10

With Java Security Manager turned on. (set "SECMGR=true" in JBoss' standalone.conf.bat)

  • GeoServer successfully deploys with the following configuration set in JBoss' standalone.xml file in the security-manager subsystem section.

      <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
      <deployment-permissions>
        <minimum-set>
              <permission class="java.security.AllPermission"/>
        </minimum-set>
          <maximum-set>
              <permission class="java.security.AllPermission"/>
          </maximum-set>
      </deployment-permissions>
  </subsystem>

    Java 11 environament: Oracle JRE 11.0.20 JBoss EAP 7.4.9 GeoServer 2.21.4 Windows 10

With Java Security Manager turned on. (set "SECMGR=true" in JBoss' standalone.conf.bat)

  • GeoServer failed to deploy with the following configuration set in JBoss' standalone.xml file in the security-manager subsystem section. (Same setting used with Java 8)

      <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
      <deployment-permissions>
        <minimum-set>
              <permission class="java.security.AllPermission"/>
        </minimum-set>
          <maximum-set>
              <permission class="java.security.AllPermission"/>
          </maximum-set>
      </deployment-permissions>
  </subsystem>

Error Log:

"{\"WFLYCTL0080: Failed services\" => {\"jboss.deployment.unit.\\\"geoserver.war\\\".undertow-deployment\" => \"java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")\"}}"

-Modified the standalone.xml to individual permissions for 

    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
        <deployment-permissions>
          <minimum-set>
                       <permission class="java.util.PropertyPermission" name="*" actions="read,write"/>
                       <permission class="java.lang.RuntimePermission" name="*"/>
                       <permission class="java.util.logging.LoggingPermission" name="control"/>
                       <permission class="org.jboss.vfs.VirtualFilePermission" name="&lt;&lt;ALL FILES&gt;&gt;" actions="*"/>                                                                     
                       <permission class="java.lang.reflect.ReflectPermission" name="suppressAccessChecks"/>
                       <permission class="java.io.FilePermission" name="F:\\NN\\jboss\\standalone\\-" actions="read"/>
                       <permission class="java.io.FilePermission" name="F:\\NN\\gis\\geoserver\\-" actions="read,write"/>                                                          
                       <permission class="java.io.FilePermission" name="F:\\NN\\gis\\geoserver\\external\\-" actions="read"/>
                       <permission class="java.io.FilePermission" name="F:\\NN\\gis\\geoserver\\external\\gwc-layers\\-" actions="read"/>
          </minimum-set>
            <maximum-set>
                <permission class="java.security.AllPermission"/>
            </maximum-set>
        </deployment-permissions>
    </subsystem>

Failed results are similar compared to the previous configuration using only permission class="java.security.AllPermission" for minimum-set

Error Log:
"{\"WFLYCTL0080: Failed services\" => {\"jboss.deployment.unit.\\\"geoserver.war\\\".undertow-deployment\" => \"java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'gwcCatalogConfiguration' defined in URL [vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
    Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \\\"(\\\"java.io.FilePermission\\\" \\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\" \\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")\"}}"

Any help would be much appreciated.

Tung Pham

Ian Turton
  • 10,018
  • 1
  • 28
  • 47
tungpham
  • 1
  • 1
  • does `F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\` actually exist and can the user running JBoss have write permissions for that directory? – Ian Turton Aug 16 '23 at 14:31
  • Yes the directory does exist and JBoss has write permission for that directory. – tungpham Aug 16 '23 at 18:30

0 Answers0