WFS sources fail to become available when one of their FeatureTypes' schemas imports a schema that imports another schema

[jrnorth]

Description

When any WFS source (1.0.0, 1.1.0, or 2.0.0) encounters a FeatureType whose schema (returned by the DescribeFeatureType operation and parsed when the source is initializing) imports a schema that imports a schema, an AccessControlException is thrown due to a lack of file read permissions. When Apache XmlSchema's DefaultURIResolver tries to resolve an import inside an imported schema, it tries to access it as a File first. Because the resolver does not have a file read permission, an AccessControlException is thrown and the source does not become available.

Steps to Reproduce

Note: I could not find a publicly available WFS source that has the necessary conditions to trigger this issue so I created a mock WFS source that does.

1. Download the standalone Wiremock JAR: http://wiremock.org/docs/download-and-installation/
2. Run the JAR.
3. In the directory containing the Wiremock JAR there should now be a __files directory. Drop https://github.com/jrnorth/ddf/blob/4e243c5ceb30d563e485802ccc49367add040f88/catalog/spatial/wfs/spatial-wfs-common/src/test/resources/WFS_Capabilities.xml and https://github.com/jrnorth/ddf/blob/4e243c5ceb30d563e485802ccc49367add040f88/catalog/spatial/wfs/spatial-wfs-common/src/test/resources/AZWellLogs.xsd in that directory.
4. There should also be a mappings directory. Drop https://github.com/jrnorth/ddf/blob/4e243c5ceb30d563e485802ccc49367add040f88/catalog/spatial/wfs/spatial-wfs-common/src/test/resources/mappings.json in that directory.
5. Stop Wiremock and start it again.
6. Run log:tail in the Karaf console.
7. Create a WFS 1.1.0 source using the url http://localhost:8080.
8. Enable the source.
9. Verify you see Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "http:/schemas.opengis.net/waterml/2.0/waterml2.xsd" "read") in the console logs.
10. Verify the source does not become available.

Expected behavior :

The source successfully parses all its FeatureTypes' schemas and becomes available.

Actual behavior:

An AccessControlException is thrown from Apache XmlSchema's DefaultUriResolver due to a lack of file read permissions.

Reproduces how often:

100%

Platform and environment:

All platforms and Java versions

Affects versions

All versions that include the security manager (>= 2.12.0?)

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.