WFLY-4179 Make sure web deployments have permission to access their t…

…mp dir Note that the test mentioned in the JIRA still does not work as it uses cross context includes, which requires a fix in Undertow
bstansberry · Jan 7, 2015 · e8f4c17 · e8f4c17
1 parent a8f18ae
commit e8f4c17
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 16 deletions.
diff --git a/ee/src/main/java/org/jboss/as/ee/component/deployers/EEDefaultPermissionsProcessor.java b/ee/src/main/java/org/jboss/as/ee/component/deployers/EEDefaultPermissionsProcessor.java
@@ -86,7 +86,7 @@ public void deploy(final DeploymentPhaseContext phaseContext) throws DeploymentU
         try {
             File file = root.getRoot().getPhysicalFile();
             if(file != null && file.isDirectory()) {
-                FilePermission permission = new FilePermission(file.getAbsolutePath() + "/-", "read");
+                FilePermission permission = new FilePermission(file.getAbsolutePath() + File.separatorChar + "-", "read");
                 permissions.add(new ImmediatePermissionFactory(permission));
             }
         } catch (IOException ex) {

diff --git a/...rc/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentInfoService.java b/...rc/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentInfoService.java
@@ -68,7 +68,6 @@
 import org.apache.jasper.deploy.TagVariableInfo;
 import org.apache.jasper.servlet.JspServlet;
 import org.jboss.annotation.javaee.Icon;
-import org.jboss.as.controller.services.path.PathManager;
 import org.jboss.as.ee.component.ComponentRegistry;
 import org.jboss.as.naming.ManagedReference;
 import org.jboss.as.naming.ManagedReferenceFactory;
@@ -183,7 +182,6 @@ public class UndertowDeploymentInfoService implements Service<DeploymentInfo> {
 
     public static final ServiceName SERVICE_NAME = ServiceName.of("UndertowDeploymentInfoService");
 
-    private static final String TEMP_DIR = "jboss.server.temp.dir";
     public static final String DEFAULT_SERVLET_NAME = "default";
     public static final String OLD_URI_PREFIX = "http://java.sun.com";
     public static final String NEW_URI_PREFIX = "http://xmlns.jcp.org";
@@ -219,15 +217,15 @@ public class UndertowDeploymentInfoService implements Service<DeploymentInfo> {
     private final InjectedValue<SessionIdentifierCodec> sessionIdentifierCodec = new InjectedValue<>();
     private final InjectedValue<SecurityDomainContext> securityDomainContextValue = new InjectedValue<SecurityDomainContext>();
     private final InjectedValue<ServletContainerService> container = new InjectedValue<>();
-    private final InjectedValue<PathManager> pathManagerInjector = new InjectedValue<PathManager>();
     private final InjectedValue<ComponentRegistry> componentRegistryInjectedValue = new InjectedValue<>();
     private final InjectedValue<Host> host = new InjectedValue<>();
     private final InjectedValue<ControlPoint> controlPointInjectedValue = new InjectedValue<>();
     private final Map<String, InjectedValue<Executor>> executorsByName = new HashMap<String, InjectedValue<Executor>>();
     private final String topLevelDeploymentName;
     private final WebSocketDeploymentInfo webSocketDeploymentInfo;
+    private final File tempDir;
 
-    private UndertowDeploymentInfoService(final JBossWebMetaData mergedMetaData, final String deploymentName, final TldsMetaData tldsMetaData, final List<TldMetaData> sharedTlds, final Module module, final ScisMetaData scisMetaData, final VirtualFile deploymentRoot, final String jaccContextId, final String securityDomain, final List<ServletContextAttribute> attributes, final String contextPath, final List<SetupAction> setupActions, final Set<VirtualFile> overlays, final List<ExpressionFactoryWrapper> expressionFactoryWrappers, List<PredicatedHandler> predicatedHandlers, List<HandlerWrapper> initialHandlerChainWrappers, List<HandlerWrapper> innerHandlerChainWrappers, List<HandlerWrapper> outerHandlerChainWrappers, List<ThreadSetupAction> threadSetupActions, boolean explodedDeployment, List<ServletExtension> servletExtensions, SharedSessionManagerConfig sharedSessionManagerConfig, String topLevelDeploymentName, WebSocketDeploymentInfo webSocketDeploymentInfo) {
+    private UndertowDeploymentInfoService(final JBossWebMetaData mergedMetaData, final String deploymentName, final TldsMetaData tldsMetaData, final List<TldMetaData> sharedTlds, final Module module, final ScisMetaData scisMetaData, final VirtualFile deploymentRoot, final String jaccContextId, final String securityDomain, final List<ServletContextAttribute> attributes, final String contextPath, final List<SetupAction> setupActions, final Set<VirtualFile> overlays, final List<ExpressionFactoryWrapper> expressionFactoryWrappers, List<PredicatedHandler> predicatedHandlers, List<HandlerWrapper> initialHandlerChainWrappers, List<HandlerWrapper> innerHandlerChainWrappers, List<HandlerWrapper> outerHandlerChainWrappers, List<ThreadSetupAction> threadSetupActions, boolean explodedDeployment, List<ServletExtension> servletExtensions, SharedSessionManagerConfig sharedSessionManagerConfig, String topLevelDeploymentName, WebSocketDeploymentInfo webSocketDeploymentInfo, File tempDir) {
         this.mergedMetaData = mergedMetaData;
         this.deploymentName = deploymentName;
         this.tldsMetaData = tldsMetaData;
@@ -252,6 +250,7 @@ private UndertowDeploymentInfoService(final JBossWebMetaData mergedMetaData, fin
         this.sharedSessionManagerConfig = sharedSessionManagerConfig;
         this.topLevelDeploymentName = topLevelDeploymentName;
         this.webSocketDeploymentInfo = webSocketDeploymentInfo;
+        this.tempDir = tempDir;
     }
 
     @Override
@@ -544,9 +543,7 @@ private DeploymentInfo createServletConfig() throws StartException {
                 throw new StartException(e);
             }
 
-            File tempFile = new File(pathManagerInjector.getValue().getPathEntry(TEMP_DIR).resolvePath(), deploymentName);
-            tempFile.mkdirs();
-            d.setTempDir(tempFile);
+            d.setTempDir(tempDir);
 
             d.setClassLoader(module.getClassLoader());
             final String servletVersion = mergedMetaData.getServletVersion();
@@ -1287,10 +1284,6 @@ public InjectedValue<UndertowService> getUndertowService() {
         return undertowService;
     }
 
-    public InjectedValue<PathManager> getPathManagerInjector() {
-        return pathManagerInjector;
-    }
-
     public InjectedValue<ControlPoint> getControlPointInjectedValue() {
         return controlPointInjectedValue;
     }
@@ -1370,6 +1363,7 @@ public static class Builder {
         private SharedSessionManagerConfig sharedSessionManagerConfig;
         private boolean explodedDeployment;
         private WebSocketDeploymentInfo webSocketDeploymentInfo;
+        private File tempDir;
 
         Builder setMergedMetaData(final JBossWebMetaData mergedMetaData) {
             this.mergedMetaData = mergedMetaData;
@@ -1495,8 +1489,17 @@ public Builder setWebSocketDeploymentInfo(WebSocketDeploymentInfo webSocketDeplo
             return this;
         }
 
+        public File getTempDir() {
+            return tempDir;
+        }
+
+        public Builder setTempDir(File tempDir) {
+            this.tempDir = tempDir;
+            return this;
+        }
+
         public UndertowDeploymentInfoService createUndertowDeploymentInfoService() {
-            return new UndertowDeploymentInfoService(mergedMetaData, deploymentName, tldsMetaData, sharedTlds, module, scisMetaData, deploymentRoot, jaccContextId, securityDomain, attributes, contextPath, setupActions, overlays, expressionFactoryWrappers, predicatedHandlers, initialHandlerChainWrappers, innerHandlerChainWrappers, outerHandlerChainWrappers, threadSetupActions, explodedDeployment, servletExtensions, sharedSessionManagerConfig, topLevelDeploymentName, webSocketDeploymentInfo);
+            return new UndertowDeploymentInfoService(mergedMetaData, deploymentName, tldsMetaData, sharedTlds, module, scisMetaData, deploymentRoot, jaccContextId, securityDomain, attributes, contextPath, setupActions, overlays, expressionFactoryWrappers, predicatedHandlers, initialHandlerChainWrappers, innerHandlerChainWrappers, outerHandlerChainWrappers, threadSetupActions, explodedDeployment, servletExtensions, sharedSessionManagerConfig, topLevelDeploymentName, webSocketDeploymentInfo, tempDir);
         }
     }
 

diff --git a/.../src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java b/.../src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java
@@ -28,8 +28,6 @@
 
 import org.apache.jasper.Constants;
 import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.services.path.PathManager;
-import org.jboss.as.controller.services.path.PathManagerService;
 import org.jboss.as.ee.component.ComponentRegistry;
 import org.jboss.as.ee.component.EEModuleDescription;
 import org.jboss.as.security.deployment.AbstractSecurityDeployer;
@@ -270,6 +268,7 @@ private void processDeployment(final WarMetaData warMetaData, final DeploymentUn
                 .setServletExtensions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_SERVLET_EXTENSIONS))
                 .setExplodedDeployment(ExplodedDeploymentMarker.isExplodedDeployment(deploymentUnit))
                 .setWebSocketDeploymentInfo(deploymentUnit.getAttachment(UndertowAttachments.WEB_SOCKET_DEPLOYMENT_INFO))
+                .setTempDir(warMetaData.getTempDir())
                 .createUndertowDeploymentInfoService();
 
         final ServiceName deploymentInfoServiceName = deploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
@@ -278,7 +277,6 @@ private void processDeployment(final WarMetaData warMetaData, final DeploymentUn
                 .addDependency(SecurityDomainService.SERVICE_NAME.append(securityDomain), SecurityDomainContext.class, undertowDeploymentInfoService.getSecurityDomainContextValue())
                 .addDependency(UndertowService.UNDERTOW, UndertowService.class, undertowDeploymentInfoService.getUndertowService())
                 .addDependencies(deploymentUnit.getAttachmentList(Attachments.WEB_DEPENDENCIES))
-                .addDependency(PathManagerService.SERVICE_NAME, PathManager.class, undertowDeploymentInfoService.getPathManagerInjector())
                 .addDependency(hostServiceName, Host.class, undertowDeploymentInfoService.getHost())
                 .addDependencies(additionalDependencies);
 

diff --git a/.../main/java/org/wildfly/extension/undertow/deployment/WarStructureDeploymentProcessor.java b/.../main/java/org/wildfly/extension/undertow/deployment/WarStructureDeploymentProcessor.java
@@ -23,11 +23,14 @@
 package org.wildfly.extension.undertow.deployment;
 
 import java.io.Closeable;
+import java.io.File;
+import java.io.FilePermission;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 
+import org.jboss.as.controller.services.path.PathManager;
 import org.jboss.as.ee.structure.DeploymentType;
 import org.jboss.as.ee.structure.DeploymentTypeMarker;
 import org.jboss.as.server.deployment.Attachments;
@@ -47,6 +50,7 @@
 import org.jboss.as.web.common.WarMetaData;
 import org.jboss.metadata.web.spec.WebMetaData;
 import org.jboss.modules.filter.PathFilters;
+import org.jboss.modules.security.ImmediatePermissionFactory;
 import org.jboss.vfs.VFS;
 import org.jboss.vfs.VirtualFile;
 import org.jboss.vfs.VirtualFileFilter;
@@ -62,6 +66,8 @@
  */
 public class WarStructureDeploymentProcessor implements DeploymentUnitProcessor {
 
+    private static final String TEMP_DIR = "jboss.server.temp.dir";
+
     public static final String WEB_INF_LIB = "WEB-INF/lib";
     public static final String WEB_INF_CLASSES = "WEB-INF/classes";
     public static final String META_INF = "META-INF";
@@ -127,6 +133,22 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
         final WarMetaData warMetaData = new WarMetaData();
         warMetaData.setSharedWebMetaData(sharedWebMetaData);
         deploymentUnit.putAttachment(WarMetaData.ATTACHMENT_KEY, warMetaData);
+
+        String deploymentName;
+        if(deploymentUnit.getParent() == null) {
+            deploymentName = deploymentUnit.getName();
+        } else {
+            deploymentName = deploymentUnit.getParent().getName() + "." + deploymentUnit.getName();
+        }
+
+        PathManager pathManager = deploymentUnit.getAttachment(Attachments.PATH_MANAGER);
+
+        File tempDir = new File(pathManager.getPathEntry(TEMP_DIR).resolvePath(), deploymentName);
+        tempDir.mkdirs();
+        warMetaData.setTempDir(tempDir);
+
+        moduleSpecification.addPermissionFactory(new ImmediatePermissionFactory(new FilePermission(tempDir.getAbsolutePath() + File.separatorChar + "-", "read,write,delete")));
+
         // Add the shared TLDs metadata
         final TldsMetaData tldsMetaData = new TldsMetaData();
         tldsMetaData.setSharedTlds(sharedTldsMetaData);

diff --git a/web-common/src/main/java/org/jboss/as/web/common/WarMetaData.java b/web-common/src/main/java/org/jboss/as/web/common/WarMetaData.java
@@ -21,6 +21,7 @@
  */
 package org.jboss.as.web.common;
 
+import java.io.File;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -95,6 +96,8 @@ public class WarMetaData {
      */
     private volatile JBossWebMetaData mergedJBossWebMetaData;
 
+    private File tempDir;
+
 
     private final Set<ServiceName> additionalDependencies = new HashSet<ServiceName>();
 
@@ -193,4 +196,12 @@ public void addAdditionalDependency(final ServiceName serviceName) {
     public Set<ServiceName> getAdditionalDependencies() {
         return Collections.unmodifiableSet(additionalDependencies);
     }
+
+    public File getTempDir() {
+        return tempDir;
+    }
+
+    public void setTempDir(File tempDir) {
+        this.tempDir = tempDir;
+    }
 }