tracker issue : CF-4068290

select a category, or use search below
(searches all categories and all time range)
Title:

CFChart path to Ajax Directory Incorrect After Service Restart with Sandbox Security Enabled

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/CannotReproduce

Reporter/Name(from Bugbase): Dallas Sacca / Dallas Sacca (Dallas Sacca)

Created: 10/02/2015

Components: Security

Versions: 11.0

Failure Type:

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 0

Problem Description:
After the CF11 service has restarted apps that use cfchart get an access denied error (from Sandbox Security) but the path referenced in the error is incorrect. The error is as follows:
 
"Error","ajp-bio-8012-exec-1","08/27/15","17:35:31","Lab Notebook","access denied (""java.io.FilePermission"" ""\\website\ajax\messages\cfmessage_en_US_.js"" ""read"") The specific sequence of files included or processed is: \\website\labnotebook\auth\viewnotebooks.cfm, line: 714 "
 
The error clears up after logging into ColdFusion Admin for the instance.I know the path should be to the CFIDE/Scripts directory (/cfscripts virtual directory in IIS) but I'm not sure why ColdFusion is putting the incorrect path initially.

Steps to Reproduce:
Enable Sandbox Security, set content directory with Read permissions, restart service, go to site page.

Actual Result:
HTTP 500 error. Logged error in Application.log is: "Error","ajp-bio-8012-exec-1","08/27/15","17:35:31","Lab Notebook","access denied (""java.io.FilePermission"" ""C:\website\ajax\messages\cfmessage_en_US_.js"" ""read"") The specific sequence of files included or processed is: C:\website\labnotebook\auth\viewnotebooks.cfm, line: 714 "

Expected Result:
Normal page load of the cfchart object.

Any Workarounds:
Log into ColdFusion Admin for the instance after service restart or disable Sandbox Security.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4068290

Reason:	PRNeedInfo

External Customer Info:
External Company:  
External Customer Name: Dallas Sacca
External Customer Email:  
External Test Config: My Hardware and Environment details:

Windows 2012 R2

ColdFusion 11 Update 6

JRE 1.8.0u25

Content directory: CIFS

CFIDE/Scripts alias: /cfscripts

Attachments:

  1. November 02, 2015 00:00:00: 1_Testcase.rar

Comments:

Hi Dallas, Can you confirm if you are hitting this issue on the latest CF11 updates? Also can you provide details as to, if you are using a virtual directory and if it has been mapped in the "Default ScriptSrc Directory" of the admin page or if it is empty. Thanks!
Comment by S P.
5650 | October 08, 2015 01:10:35 AM GMT
Issue occurs with ColdFusion 11 Update 6. We do have a virtual directory mapped to the instance CFIDE\Scripts directory and that path is configured in the "Default ScriptSrc Directory".
Comment by External U.
5651 | October 22, 2015 12:57:12 PM GMT
Hi Dallas, I have attached the testcase that uses cfchart and tried to repro the issue. Also as specified, I have tested it on IIS,with the virtual directory and with the sandbox enabled. Is there something more to it. Thanks, Preethi
Comment by S P.
5652 | November 02, 2015 08:01:42 AM GMT
I have replicated the error message on our server with your provided test case after the service has started (before logging into CF Admin). There are a few differences between how our developer has configured his cfchart case and your test case. I have asked the developer for some additional details regarding his code and will attach the example when it's available. From the server perspective the IIS web site Physical Path is a CIFS (file share), for example \\server\website. The sandbox security is enabled such that the service has Read access to the CIFS path. The cfscripts virtual directory is the local physical path to the ColdFusion install directory (d:\coldfusion11\instancename\wwwroot\cfide\scripts). Only the necessary tags and functions are enabled in sandbox security. Thanks. Dallas
Comment by External U.
5653 | November 02, 2015 03:54:52 PM GMT
I've talked with our developer and the differences between your test case and our code are minimal. He uses Format="html" and calculates the scaleto, gridlines and chartheight values based on the data being retrieved from the data source. If you need more details on our configuration or would like to schedule a WebEx session to see our configuration please let me know. Thanks. Dallas
Comment by External U.
5654 | November 03, 2015 08:36:55 AM GMT
Verified issue occurs with ColdFusion 11 Update 7.
Comment by External U.
5655 | November 20, 2015 09:13:08 AM GMT
Bug seems to only occur if the web site is hosted at a UNC path.
Comment by External U.
5656 | January 12, 2016 02:44:49 PM GMT
Hi Dallas, Tried the scenario with the IIS website hosted at a UNC path, but it renders the appropriate results. It would be really helpful, If you could provide the details regarding the user which accesses it and the permissions. Also, could you specify how your IIS website physical path looks like when hosted at a UNC path and the physical path credentials if any. Thanks!
Comment by S P.
5657 | August 16, 2016 12:26:21 AM GMT