tracker issue : CF-4207569

select a category, or use search below
(searches all categories and all time range)
Title:

Access Denied to cfmessage_en_US_.js

| View in Tracker

Status/Resolution/Reason: Open//

Reporter/Name(from Bugbase): Christopher T. / ()

Created: 03/13/2020

Components: AJAX

Versions: 2018

Failure Type: Crash

Found In Build/Fixed In Build: 2018.0.07.316715 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Other

Vote Count: 0

Problem Description:

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\ColdFusion2018\instance1\wwwroot\cf_scripts\scripts\ajax\messages\cfmessage_en_US_.js" "read") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.base/java.security.AccessController.checkPermission(AccessController.java:897) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661) at java.base/java.io.File.exists(File.java:815) at coldfusion.tagext.html.ajax.AjaxRBFileMap.fileExists(AjaxRBFileMap.java:121)...

This appears to be related to bugs CF-3040718 and CF-4068290

The website is hosted with IIS on Windows 2019. The website directory is in a ColdFusion Sandbox. <CFExecute>, <CreateObject(.NET)>, <CreateObject(COBRA)> are disabled. It has full access to it root and children folders.

The code line it appears to not like is:
<cfajaximport tags="cfwindow, cfform, cftextarea, cffileupload, cfinput-datefield">


Steps to Reproduce:

For unknown reasons, ColdFusion stopped serving the internal CF Admin page on port 8501 and started throwing 500 errors on the IIS website:
Mar 12, 2020 18:37:25 PM Error [ajp-nio-8012-exec-17] - '' The specific sequence of files included or processed is: D:\Websites\mywebsite\www\index.cfm''

I did note that around the time this started happening, an error was found in the coldfusion-out log for what appears to be <cflog> using the wrong default log path. The drive is D: and not C:

Mar 12, 2020 15:08:03 PM Error [ajp-nio-8012-exec-13] - access denied (""java.io.FilePermission"" ""C:\ColdFusion2018\instance1\logs\my.log"" ""read"")

After a service restart and even a reboot we started receiving this error. It worked fine for about 2-3 week prior with no changes.

Attachments:

Comments:

The error appears to have gone away after logging into the ColdFusion Administrator, just like the workaround in CF-4068290
Comment by Christopher T.
33244 | March 13, 2020 01:12:57 AM GMT
The wrong log path comment can be disregarded. ColdFusion is installed on C: while the website data is on D:. However, the application should have been able to read that log file. So that is still an issue.
Comment by Christopher T.
33245 | March 13, 2020 01:57:24 AM GMT