I am trying to deploy GeoServer 2.21.4 in JBoss EAP 7.4.9 with Java 11. The
GeoServer application fails to deploy when Java Security Manager is turned on.
I have been using the same Geoserver/JBoss versions on Java 8 successfully with
Java Security Manager turned on with the following environament:
Java 8 environament:
Oracle JRE 1.8.0_351
JBoss EAP 7.4.9
GeoServer 2.21.4
Windows 10
With Java Security Manager turned on. (set "SECMGR=true" in JBoss'
standalone.conf.bat)
- GeoServer successfully deploys with the following configuration set in JBoss'
standalone.xml file in the security-manager subsystem section.
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<minimum-set>
<permission class="java.security.AllPermission"/>
</minimum-set>
<maximum-set>
<permission class="java.security.AllPermission"/>
</maximum-set>
</deployment-permissions>
</subsystem>
Java 11 environament:
Oracle JRE 11.0.20
JBoss EAP 7.4.9
GeoServer 2.21.4
Windows 10
With Java Security Manager turned on. (set "SECMGR=true" in JBoss'
standalone.conf.bat)
- GeoServer failed to deploy with the following configuration set in JBoss'
standalone.xml file in the security-manager subsystem section. (Same setting
used with Java 8)
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<minimum-set>
<permission class="java.security.AllPermission"/>
</minimum-set>
<maximum-set>
<permission class="java.security.AllPermission"/>
</maximum-set>
</deployment-permissions>
</subsystem>
Error Log:
"{\"WFLYCTL0080: Failed services\" =>
{\"jboss.deployment.unit.\\\"geoserver.war\\\".undertow-deployment\" =>
\"java.lang.RuntimeException:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: java.lang.RuntimeException:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: java.security.AccessControlException: WFSM000001: Permission
check failed (permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")\"}}"
-Modified the standalone.xml to individual permissions for <minimum-set>
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<minimum-set>
<permission class="java.util.PropertyPermission"
name="*" actions="read,write"/>
<permission class="java.lang.RuntimePermission"
name="*"/>
<permission
class="java.util.logging.LoggingPermission" name="control"/>
<permission
class="org.jboss.vfs.VirtualFilePermission" name="<<ALL FILES>>"
actions="*"/>
<permission
class="java.lang.reflect.ReflectPermission" name="suppressAccessChecks"/>
<permission class="java.io.FilePermission"
name="F:\\NN\\jboss\\standalone\\-" actions="read"/>
<permission class="java.io.FilePermission"
name="F:\\NN\\gis\\geoserver\\-" actions="read,write"/>
<permission class="java.io.FilePermission"
name="F:\\NN\\gis\\geoserver\\external\\-" actions="read"/>
<permission class="java.io.FilePermission"
name="F:\\NN\\gis\\geoserver\\external\\gwc-layers\\-" actions="read"/>
</minimum-set>
<maximum-set>
<permission class="java.security.AllPermission"/>
</maximum-set>
</deployment-permissions>
</subsystem>
Failed results are similar compared to the previous configuration using only
<permission class="java.security.AllPermission"/> for <minimum-set>
Error Log:
"{\"WFLYCTL0080: Failed services\" =>
{\"jboss.deployment.unit.\\\"geoserver.war\\\".undertow-deployment\" =>
\"java.lang.RuntimeException:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: java.lang.RuntimeException:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'gwcCatalogConfiguration' defined in URL
[vfs:/C:/Program%20Files/NN/jboss/bin/content/geoserver.war/WEB-INF/lib/gs-gwc-2.21.4.jar/geowebcache-geoserver-context.xml]:
Invocation of init method failed; nested exception is
java.security.AccessControlException: WFSM000001: Permission check failed
(permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")
Caused by: java.security.AccessControlException: WFSM000001: Permission
check failed (permission \\\"(\\\"java.io.FilePermission\\\"
\\\"F:\\\\NN\\\\gis\\\\geoserver\\\\external\\\\gwc-layers\\\"
\\\"read\\\")\\\" in code source \\\"null\\\" of \\\"null\\\")\"}}"
Any help would be much appreciated.
Tung Pham
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
