You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Ruth Cao (JIRA)" <ji...@apache.org> on 2006/12/28 03:59:21 UTC
[jira] Created: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
[classlib][security] Harmony cannot identify 'codeBase' feature in policy file
------------------------------------------------------------------------------
Key: HARMONY-2910
URL: http://issues.apache.org/jira/browse/HARMONY-2910
Project: Harmony
Issue Type: Bug
Components: Classlib
Reporter: Ruth Cao
create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
-Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
public class PolicyTest {
public static void main(String[] args) throws Exception {
Policy p = Policy.getPolicy();
ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
"file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
PermissionCollection pCollection = p.getPermissions(pd);
Enumeration<Permission> elements = pCollection.elements();
while (elements.hasMoreElements()) {
if(elements.nextElement().equals(new AllPermission())){
System.out.println("contains AllPermission");
}
}
}
}
RI prints:
contains AllPermission
while Harmony prints nothing.
[1]
grant codeBase "file:${test.bin.dir}/-" {
permission java.security.AllPermission;
};
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12507075 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Mikhail, thanks a lot for your corrections, this one is really tricky.
Your patch is great, it actually resolves all the issues. I've updated it a bit - removed an extra debugging print.
Also I've updated the PolicyEntryTest to include all the regression I could think of. Hopefully I did it right.
I also merged the two test patches together, so for now only two patches need to be applied, Harmony-2910-Fix.patch and Harmony-2910-Test.patch.
Ruth, Stepan - it seems the issue is (mostly) resolved now, so could you please review the updates by Mikhail and me, to make sure they're correct from your point of view? Thanks!
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532144 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
If implementation with the current patch normalizes a URL containing %20, it gets replaced with %2520, which is another problem to fix.
This is the cause of spaces not handled correctly.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vasily Zakharov updated HARMONY-2910:
-------------------------------------
Attachment: Harmony-2910-PolicyEntryTest.patch
Harmony-2910-PolicyTest.patch
Harmony-2910-fix.patch
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[classlib][security] Harmony cannot identify 'codeBase' feature in
policy file
Posted by Tim Ellison <t....@gmail.com>.
Thanks, if I can't fix it in a short time I'll roll back the commit.
Regards,
Tim
Stepan Mishura commented on HARMONY-2910:
>
> CC tesing - PolicyEntryTest fails on both Linux'es
>
> Class: org.apache.harmony.security.tests.PolicyEntryTest
> junit.framework.AssertionFailedError
> at org.apache.harmony.security.tests.PolicyEntryTest.testImpliesCodeSource(PolicyEntryTest.java:208)
> at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537274 ]
Stepan Mishura commented on HARMONY-2910:
-----------------------------------------
CC tesing - PolicyEntryTest fails on both Linux'es
Class: org.apache.harmony.security.tests.PolicyEntryTest
junit.framework.AssertionFailedError
at org.apache.harmony.security.tests.PolicyEntryTest.testImpliesCodeSource(PolicyEntryTest.java:208)
at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-2910?page=all ]
Ruth Cao updated HARMONY-2910:
------------------------------
Attachment: Harmony-2910.diff
Would somebody please try this patch?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: http://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Attachments: Harmony-2910.diff
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Tim Ellison (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Ellison resolved HARMONY-2910.
----------------------------------
Resolution: Fixed
Thanks to everyone who has contributed to fixing this issue!
Patches applied to SECURITY module at repo revision r587631.
Anyone care to verify?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506938 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
In fact, System.getProperty() is not a problem. The problem is the in cyclic dependency SecurityManager.checkRead() - PolicyUtils.normalizeURL() - File.toURI() - File.getAbsoluteName() - File.isDirectory() - SecurityManager.checkRead(). So, we just need to convert File to URI without accessing the file system. I tried to use the respective code from java.io.File with isDirectory() checks removed, and it helped.
Here I attach the updated Stepan's patch (Harmony-2910-fix.patch, Harmony-2910-PolicyTest.patch) with this correction.
With this patch cyclic dependency is resolved, the test for this issue and for HARMONY-3939 both work fine on both DRL VM and IBM VM.
org.apache.harmony.logging.tests.java.util.logging.LogManagerTest and org.apache.harmony.rmi.RegistryTest tests do not crash.
tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission() test passes.
As of PolicyEntryTest.testImpliesCodeSource(), it still fails on both RI and Harmony. It seems the test is incorrect, so I fixed the test and improved its functionality a bt.
Does it mean that PolicyUtils.normalizeURL() works incorrectly, or PolicyEntry.impliesCodeSource() logic is not right (for example, why codeSource is normalized while cs is not?), or the two asserions above should be changed to assertFalse() ?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ruth Cao updated HARMONY-2910:
------------------------------
Attachment: Harmony-2910-2.zip
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532148 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
That problem occurs because the same path gets normalized twice.
A call to new URI("file", null, "...%20...", null, null)) produces "...%2520..." on both RI and Harmony.
So we must check that normalized path is not normalized again in out internal structures.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Leo Li (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531219 ]
Leo Li commented on HARMONY-2910:
---------------------------------
Thanks, Vasily.
I think the patch is OK.
I have tried getCanonicalPath() but the process will not become so clean as Vasily's patch: (1)"*" and "-" needs to be treated seperately since getCanonicalPath cannot handle them. (2) Space in path should be replaced by "%20".
And there is a problem to normalize URLs in constructor of CodeSource since RI's CodeSource.getLocation always returns the original and unnormalized URL.
Good luck!
Leo.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506264 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Stepan,
The two tests you mentioned above crash on my machine also. However, if run separately (not in suite), they both work fine (though fail) on both RI, DRL VM and IBM VM.
Could you please provide any detail on that "cyclic dependency" you're talking about?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vasily Zakharov updated HARMONY-2910:
-------------------------------------
Attachment: Harmony-2910-Fix.patch
It was a small bug in a patch that caused the problem with spaces. I've just attached the updated version.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Mikhail Markov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506652 ]
Mikhail Markov commented on HARMONY-2910:
-----------------------------------------
(not concerning DRLVM/J9 behaviour differences which is another story :-))
I've investigated Stepan's simplification of normalizeURL and think that it is not correct as it calls File.toURI() method which checks permissions leading to StackOverflowError (which is ok - no problem in security code: when checking permission with policy file we should not use any permissions-sensitive calls). The last patch from Ruth does not use such sensitive calls.
So, i suggest to use Ruth's implementation of normalizeURL() but move it to PolicyUtils as Stepan suggested. Does it make sense?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537344 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Stepan, Tim, thanks for dealing with this - I really was preparing the tests on Windows, as a more complex case.
I think we may leave those two assertions commented out.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ruth Cao updated HARMONY-2910:
------------------------------
Attachment: Harmony-2910.diff
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537033 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Tim, most patches are obsolete versions.
What needs to be done now is committing two patches, Harmony-2910-Fix.patch and Harmony-2910-Test.patch dated 04/Oct/07:
http://issues.apache.org/jira/secure/attachment/12367087/Harmony-2910-Fix.patch
http://issues.apache.org/jira/secure/attachment/12367090/Harmony-2910-Test.patch
Thank you!
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-2910?page=comments#action_12461469 ]
Ruth Cao commented on HARMONY-2910:
-----------------------------------
Hi,
I've written a simple test as followed:
public class FileTest {
public static void main(String[] args) throws Exception {
String name1 = new File(new URL("file:///c:/api/*").getFile()).getAbsolutePath();
System.out.println("name1: " + name1);
String name2 = new File(new URL("file:///c:/api/*").getFile()).getCanonicalPath();
System.out.println("name2: " + name2);
}
}
Harmony prints:
name1: c:\api\*
name2: C:\api\*
It seems there is no bug in j.i.File for this issue since it only converts the driver letter from lower case 'c' to upper case 'C', which complies with the spec.
So perhaps the only problem is in DefaultPolicyParser as my patch indicates. Would some security expert have a look and give some suggestion? Thanks a lot. :-)
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: http://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Tim Ellison (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537031 ]
Tim Ellison commented on HARMONY-2910:
--------------------------------------
I see 13 patches and lots of comments on this issue so it will take me a while to figure this all out!
If you could summarize what needs to be done now then that would be great, otherwise I'll figure it out myself in due course.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Tim Ellison (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Ellison reopened HARMONY-2910:
----------------------------------
It would appear that there are two assertions in the new tests accompanying this issue that pass on Windows but fail on Linux. I checked and these are not regressions since (i.e. they also fail on) r587894 Linux.
I have temporarily disabled the tests until we figure out the tests are valid, and then fix the bug.
see:
http://svn.apache.org/viewvc?view=rev&revision=587894
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Mikhail Markov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506997 ]
Mikhail Markov commented on HARMONY-2910:
-----------------------------------------
Vasily, thanks for the patch!
I've reviewed it and think that it combines what Ruth and Stepan expected without checkRead() permissions checkings which is good.
But it's not fully correct: for exmple it handles urls like file://<smth> incorrectly.
Also from your patch PolicyEntryTest:
assertFalse(pe1.impliesCodeSource(cs1)); - this statement should not work because pe1 was created from this CodeSource.
I'll fix your patch and post it soon.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537014 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Tim, thank you very much for your attention.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Tim Ellison (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Ellison closed HARMONY-2910.
--------------------------------
Resolution: Fixed
I agree, strange but true.
I shall now close the issue as resolved.
Thanks to everyone for your help and code.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506297 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
It seems the StackOverflowError occurs when SecurityManager.checkRead() is called.
Here's the minimal test that works fine (throws FileNotFoundException) on RI and DRL VM and causes StackOverflowError on IBM VM:
public class TestStackOverflow {
public static void main(String[] args) {
try {
System.setSecurityManager(new SecurityManager());
new java.io.FileInputStream("notexist");
} catch (Throwable e) {
e.printStackTrace(System.out);
}
}
}
Quite interesting is that additional investigation shows that PolicyEntry.impliesCodeSource() is called from System.setSecurityManager() on DRL VM, but is not called on IBM VM. I'm not sure how can this happen, I will continue investigating.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12538821 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Fine, thanks Tim and everybody!
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506939 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Sorry, I sent the previous comment in error. The last two paragraphs in it are wrong. Here's the right text:
As of PolicyEntryTest.testImpliesCodeSource(), it still fails on both RI and Harmony. It seems the test is incorrect, so I fixed the test and improved its functionality a bit. See additional patch Harmony-2910-PolicyEntryTest.patch.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Tim Ellison (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536961 ]
Tim Ellison commented on HARMONY-2910:
--------------------------------------
Stepan: Do you have any cycles to work on this issue? I'm happy to take it up if you want.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vasily Zakharov updated HARMONY-2910:
-------------------------------------
Attachment: Harmony-2910-Test.patch
Harmony-2910-Fix.patch
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-2910?page=all ]
Stepan Mishura reassigned HARMONY-2910:
---------------------------------------
Assignee: Stepan Mishura
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: http://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vasily Zakharov updated HARMONY-2910:
-------------------------------------
Attachment: Harmony-2910-Test.patch
Attached an updated regression test patch to cover the space problem.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
Posted by Stepan Mishura <st...@gmail.com>.
On 3/6/07, Ruth Cao wrote:
>
> Hello Stepan,
>
> It's really too late for me to reply :-( ... I've tried your patch and
> run all tests on both windows xp and red hat linux, IBM VME.
>
> It seems that it has passed the o.a.h.rmi.RegistryTest on both
> platforms. As for LogManagerTest, now it has already been excluded in
> the logging module. So is it possible that the crash you have
> encountered is due to other problems (such as Harmony-3075 and
> Harmony-3142)?
>
> Pls correct me if I'm wrong. Thanks.
Hi Ruth,
Thanks for trying the patch. I'll look into the issues you've mentioned.
-Stepan
Stepan Mishura (JIRA) wrote:
> > [
> https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
> >
> > Stepan Mishura updated HARMONY-2910:
> > ------------------------------------
> >
> > Attachment: Harmony-2910.diff
> >
> > Hi Ruth,
> >
> > Sorry for delay with response. You update looks OK for me. I just
> modified CodeSource recreation and moved it to
> PolicyEntry.impliesCodeSource(). Also I simplified
> PolicyUtils.normalizeURL().
> >
> > But simplification of normalizeURL() method I've discovered one more
> problem in security code. If you run a refreshed patch (from Feb 06) you
> will see tests crashes:
> > org.apache.harmony.logging.tests.java.util.logging.LogManagerTest
> > org.apache.harmony.rmi.RegistryTest
> >
> > It looks like there is a cyclic dependency in security code. So I'm
> going to wait with the patch applying until the cyclic dependency is
> investigated and resolved.
> >
> > Thoughts?
> >
> > Thanks,
> > Stepan.
> >
> >
> >
> >> [classlib][security] Harmony cannot identify 'codeBase' feature in
> policy file
> >>
> ------------------------------------------------------------------------------
> >>
> >> Key: HARMONY-2910
> >> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> >> Project: Harmony
> >> Issue Type: Bug
> >> Components: Classlib
> >> Reporter: Ruth Cao
> >> Assigned To: Stepan Mishura
> >> Attachments: Harmony-2910-2.zip, Harmony-2910.diff,
> Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
> >>
> >>
> >> create a simple policy file and then run PolicyTest with the argument
> and the policy file[1] as following on Windows XP:
> >> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> >> public class PolicyTest {
> >> public static void main(String[] args) throws Exception {
> >> Policy p = Policy.getPolicy();
> >> ProtectionDomain pd = new ProtectionDomain(new
> CodeSource(new URL(
> >> "file:/c:/api/*"), (
> java.security.cert.Certificate[]) null), null);
> >> PermissionCollection pCollection = p.getPermissions(pd);
> >> Enumeration<Permission> elements = pCollection.elements();
> >> while (elements.hasMoreElements()) {
> >> if(elements.nextElement().equals(new
> AllPermission())){
> >> System.out.println("contains
> AllPermission");
> >> }
> >> }
> >> }
> >> }
> >> RI prints:
> >> contains AllPermission
> >> while Harmony prints nothing.
> >> [1]
> >> grant codeBase "file:${test.bin.dir}/-" {
> >> permission java.security.AllPermission;
> >> };
> >>
> >
> >
>
>
--
Stepan Mishura
Intel Enterprise Solutions Software Division
Re: [jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by Ruth Cao <ru...@gmail.com>.
Hello Stepan,
It's really too late for me to reply :-( ... I've tried your patch and
run all tests on both windows xp and red hat linux, IBM VME.
It seems that it has passed the o.a.h.rmi.RegistryTest on both
platforms. As for LogManagerTest, now it has already been excluded in
the logging module. So is it possible that the crash you have
encountered is due to other problems (such as Harmony-3075 and
Harmony-3142)?
Pls correct me if I'm wrong. Thanks.
Stepan Mishura (JIRA) wrote:
> [ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Stepan Mishura updated HARMONY-2910:
> ------------------------------------
>
> Attachment: Harmony-2910.diff
>
> Hi Ruth,
>
> Sorry for delay with response. You update looks OK for me. I just modified CodeSource recreation and moved it to PolicyEntry.impliesCodeSource(). Also I simplified PolicyUtils.normalizeURL().
>
> But simplification of normalizeURL() method I've discovered one more problem in security code. If you run a refreshed patch (from Feb 06) you will see tests crashes:
> org.apache.harmony.logging.tests.java.util.logging.LogManagerTest
> org.apache.harmony.rmi.RegistryTest
>
> It looks like there is a cyclic dependency in security code. So I'm going to wait with the patch applying until the cyclic dependency is investigated and resolved.
>
> Thoughts?
>
> Thanks,
> Stepan.
>
>
>
>> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
>> ------------------------------------------------------------------------------
>>
>> Key: HARMONY-2910
>> URL: https://issues.apache.org/jira/browse/HARMONY-2910
>> Project: Harmony
>> Issue Type: Bug
>> Components: Classlib
>> Reporter: Ruth Cao
>> Assigned To: Stepan Mishura
>> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>>
>>
>> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
>> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
>> public class PolicyTest {
>> public static void main(String[] args) throws Exception {
>> Policy p = Policy.getPolicy();
>> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
>> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
>> PermissionCollection pCollection = p.getPermissions(pd);
>> Enumeration<Permission> elements = pCollection.elements();
>> while (elements.hasMoreElements()) {
>> if(elements.nextElement().equals(new AllPermission())){
>> System.out.println("contains AllPermission");
>> }
>> }
>> }
>> }
>> RI prints:
>> contains AllPermission
>> while Harmony prints nothing.
>> [1]
>> grant codeBase "file:${test.bin.dir}/-" {
>> permission java.security.AllPermission;
>> };
>>
>
>
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stepan Mishura updated HARMONY-2910:
------------------------------------
Attachment: Harmony-2910.diff
Hi Ruth,
Sorry for delay with response. You update looks OK for me. I just modified CodeSource recreation and moved it to PolicyEntry.impliesCodeSource(). Also I simplified PolicyUtils.normalizeURL().
But simplification of normalizeURL() method I've discovered one more problem in security code. If you run a refreshed patch (from Feb 06) you will see tests crashes:
org.apache.harmony.logging.tests.java.util.logging.LogManagerTest
org.apache.harmony.rmi.RegistryTest
It looks like there is a cyclic dependency in security code. So I'm going to wait with the patch applying until the cyclic dependency is investigated and resolved.
Thoughts?
Thanks,
Stepan.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Mikhail Markov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mikhail Markov updated HARMONY-2910:
------------------------------------
Attachment: H-2910_upd.patch
Here is the updated patch for the code: it fixes the mentioned issues in normalization and added the normalization of CodeSource to the PolicyEntry constructor - otherwise impliesCodeSource() method will not work correctly.
Please review it.
Also i think it makes sense to add regression tests for tricky cases like: "file:", "file:*", "file://*" etc.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12463840 ]
Stepan Mishura commented on HARMONY-2910:
-----------------------------------------
Hi Ruth,
I've created a regression test for the issue(see patch regressionTest2910.txt). The test passes on RI but fails on Hamony. And your fix doesn't help - the test still fails on Harmony (I've verified on Windows and Linux). Could you have a look?
Thanks,
Stepan.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532083 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
By the way, getCanonicalPath() performs actual file access, may take long if drive is slow (e. g. Samba), may fail with exception if path is inaccessible at the moment (e. g. on network drive) etc. On the other hand, getAbsolutePath() is purely logical and doesn't need file system access.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506278 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Stepan, is it the "cyclic dependency" you were talking about?
I also tried to investigate HARMONY-3939 with this patch applied, and found that the test attached there fails on both IBM VM and DRL VM with the
same kind of StackOverflowError. So the problem exists on DRL VM also. In this context, the fact that tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission() passes on DRL VM looks very strange.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531772 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Alexey, Leo, thanks a lot for your evalutation!
I agree with Leo on these two points, so it seems there's nothing to change in the patch.
Maybe it's time to commit it?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506723 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Mikhail,
Thanks for investigation, I agree with your justification.
However, the problem with Ruth's implementation of normalizeURL() is I couldn't make it work as expected. It works fine for absolute URLs but doesn't work for relative ones. For example, if original URL is "file:*", fileStr is "*" and new URI(fileStr).normalize() is also "*", so resulting URL is again "file:*", while it's expected to be expanded to the full current directory path.
I'm afraid this problem doesn't have a simple solution, as it requires finding out the name of the current directory, which is obtained from user.dir property using permission-sensitive System.getProperty() call.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stepan Mishura updated HARMONY-2910:
------------------------------------
Attachment: regressionTest2910.txt
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Alexey Varlamov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532040 ]
Alexey Varlamov commented on HARMONY-2910:
------------------------------------------
I agree on (2), but suggest to re-visit (1): I see no problem to strip "-" or "*" before normalization, while canonical path guarantees better matching (we have to ignore case on Windows anyway).
BTW for (2), we can cache normalized urls if it becomes real overhead, and maybe even improve CodeSource matching this way...
As for commit, I'd not hurry with commit in the M3 - let's wait a few days.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Alexey Varlamov (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-2910?page=comments#action_12461183 ]
Alexey Varlamov commented on HARMONY-2910:
------------------------------------------
Interesting. Accordingly to javadoc, "canonical pathname is both absolute and unique" - so this might be a problem in j.i.File impl, I did not look closer.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: http://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465650 ]
Stepan Mishura commented on HARMONY-2910:
-----------------------------------------
Hi Ruth,
Thanks for the patch. I've improved the regression test and committed it to SVN with your patch to DefaultPolicyParser.java at r497300. Your patch fixed 4 test cases but in 2 cases Harmony still fails (they are commented out in the regression test). Could you investigate?
Thanks,
Stepan.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537770 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
I've investigated carefully, the two problem cases indeed work differently on Windows and Linux, both on RI and Harmony.
So I suggest to remove the two problem lines altogether, and close the issue as fixed.
Tim, do you agree?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12463228 ]
Ruth Cao commented on HARMONY-2910:
-----------------------------------
Hi Stephan,
May you pls have a look at this issue? Thanks so much.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910.diff
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506265 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
Also I've noticed that two security tests are failing with the latest patch applied:
org.apache.harmony.security.tests.PolicyEntryTest.testImpliesCodeSource()
tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission()
I investigated the first failure, checked the way CodeSource methods are used in PolicyEntryTest.testImpliesCodeSource() and PolicyEntry.impliesCodeSource() and found out that in this respect Harmony implementation works identically to RI. In particular, the following asserions fail on RI also:
assertTrue(pe.impliesCodeSource(cs2));
assertTrue(pe.impliesCodeSource(new CodeSource(new URL("file://-"), (Certificate[])null)));
Does it mean that PolicyUtils.normalizeURL() works incorrectly, or PolicyEntry.impliesCodeSource() logic is not right (for example, why codeSource is normalized while cs is not?), or the two asserions above should be changed to assertFalse() ?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466437 ]
Ruth Cao commented on HARMONY-2910:
-----------------------------------
Stepan, may you pls try this one?
Thanks so much.
Ruth
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532084 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
On the other hand, with the current patch Harmony doesn't handle spaces in paths correctly.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465945 ]
Ruth Cao commented on HARMONY-2910:
-----------------------------------
Hello Stepan,
Thank you very much for the commit. I'm looking into this issue and have found that so far Harmony has no support for relative pathname symbols (such as ., .., etc.).
Thus, I'm trying to add this new feature but it may need more time to do so. Thanks for your patience. :-)
Regards,
Ruth.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (HARMONY-2910) [classlib][security] Harmony cannot
identify 'codeBase' feature in policy file
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stepan Mishura reassigned HARMONY-2910:
---------------------------------------
Assignee: Tim Ellison (was: Stepan Mishura)
Tim, please take cause of it - I'm very busy other tasks.
Sorry, for holding it for so long
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Tim Ellison
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506272 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
I've also investigated the tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission() failure.
With the latest patch applied, the test actually passes on DRL VM.
On IBM VM the test fails because the child JVM it starts with exec crashes with the following StackOverflowError:
java.lang.StackOverflowError
at java.nio.charset.CharsetEncoder.encode(CharsetEncoder.java:475)
at java.nio.charset.CharsetEncoder.encode(CharsetEncoder.java:345)
at java.nio.charset.Charset.encode(Charset.java:686)
at java.lang.String.getBytes(String.java:825)
at org.apache.harmony.luni.util.Util.getBytes(Util.java:56)
at java.io.File.properPath(File.java:1182)
at java.io.File.getAbsolutePath(File.java:454)
at java.io.File.getAbsoluteFile(File.java:466)
at org.apache.harmony.security.fortress.PolicyUtils.normalizeURL(PolicyUtils.java:297)
at org.apache.harmony.security.PolicyEntry.impliesCodeSource(PolicyEntry.java:82)
at org.apache.harmony.security.fortress.DefaultPolicy.getPermissions(DefaultPolicy.java:215)
at java.security.Policy.implies(Policy.java:14)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:160)
at java.security.AccessController.checkPermission(AccessController.java:92)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
at java.lang.SecurityManager.checkRead(SecurityManager.java:398)
at java.io.File.isDirectory(File.java:711)
at java.io.File.getAbsoluteName(File.java:135)
at java.io.File.toURI(File.java:1262)
... (11 lines repeated many times)
at org.apache.harmony.security.fortress.PolicyUtils.normalizeURL(PolicyUtils.java:297)
at org.apache.harmony.security.PolicyEntry.impliesCodeSource(PolicyEntry.java:82)
at org.apache.harmony.security.fortress.DefaultPolicy.getPermissions(DefaultPolicy.java:215)
at java.security.Policy.implies(Policy.java:14)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:160)
at java.security.AccessController.checkPermission(AccessController.java:92)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
at java.lang.SecurityManager.checkRead(SecurityManager.java:398)
at java.io.File.isDirectory(File.java:711)
at java.io.File.getAbsoluteName(File.java:135)
at java.io.File.toURI(File.java:1262)
at org.apache.harmony.security.fortress.PolicyUtils.normalizeURL(PolicyUtils.java:297)
at org.apache.harmony.security.PolicyEntry.impliesCodeSource(PolicyEntry.java:82)
at org.apache.harmony.security.fortress.DefaultPolicy.getPermissions(DefaultPolicy.java:215)
at java.security.Policy.implies(Policy.java:14)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:160)
at java.security.AccessController.checkPermission(AccessController.java:92)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:746)
at java.lang.SecurityManager.checkRead(SecurityManager.java:398)
at java.util.zip.ZipFile.<init>(ZipFile.java:88)
at java.util.jar.JarFile.<init>(JarFile.java:172)
at org.apache.harmony.luni.internal.net.www.protocol.jar.JarURLConnection.openJarFile(JarURLConnection.java:144)
at org.apache.harmony.luni.internal.net.www.protocol.jar.JarURLConnection.findJarFile(JarURLConnection.java:121)
at org.apache.harmony.luni.internal.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:87)
at org.apache.harmony.luni.internal.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:14)
at java.net.URLClassLoader.createURLJarHandler(URLClassLoader.java:141)
at java.net.URLClassLoader.makeNewHandler(URLClassLoader.java:998)
at java.net.URLClassLoader.getHandler(URLClassLoader.java:981)
at java.net.URLClassLoader.findClassImpl(URLClassLoader.java:1190)
at java.net.URLClassLoader$4.run(URLClassLoader.java:889)
at java.net.URLClassLoader$4.run(URLClassLoader.java:1)
at java.security.AccessController.doPrivileged(AccessController.java:21)
at java.net.URLClassLoader.findClass(URLClassLoader.java:886)
at java.lang.ClassLoader.loadClass(ClassLoader.java:632)
at java.net.URLClassLoader$SubURLClassLoader.loadClass(URLClassLoader.java:18)
at java.lang.ClassLoader.loadClass(ClassLoader.java:594)
at java.lang.Class.forNameImpl(Native Method)
at java.lang.Class.forName(Class.java:162)
at tests.support.Support_PermissionCollection.main(Support_PermissionCollection.java:38)
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Vasily Zakharov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532464 ]
Vasily Zakharov commented on HARMONY-2910:
------------------------------------------
As of (1), I've checked the RI behavior, it does NOT ignore case on Windows, and Harmony does not too. It seems RI also uses getAbsolutePath() instead of getCanonicalPath() to avoid extra I/O operations. My opinion is we should do the same.
By the way, Harmony treats cyrillic characters in policies correctly, while RI does not.
So, I suggest the provided patch to be applied as soon as M3 is released.
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Ruth Cao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465082 ]
Ruth Cao commented on HARMONY-2910:
-----------------------------------
Hi Stepan,
Sorry for the late response. It seems the problem is related to the absolute/relative path of the file URL. I've updated the patch and pls verify it.
Thanks.
Ruth
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assigned To: Stepan Mishura
> Attachments: Harmony-2910-2.zip, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-2910) [classlib][security] Harmony
cannot identify 'codeBase' feature in policy file
Posted by "Alexey Varlamov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530999 ]
Alexey Varlamov commented on HARMONY-2910:
------------------------------------------
Mikhail, Vasily, the last fix looks good. I have only minor concerns:
1) Shouldn't getCanonicalPath() be used instead of getAbsolutePath(), to normalize case of paths on Windows?
2) Normalizing incoming CodeSource on every call to PolicyEntry.impliesCodeSource() may affect performance, is it appropriate to normalize URLs in constructor of CodeSource()?
> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
> Key: HARMONY-2910
> URL: https://issues.apache.org/jira/browse/HARMONY-2910
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Ruth Cao
> Assignee: Stepan Mishura
> Attachments: H-2910_upd.patch, Harmony-2910-2.zip, Harmony-2910-Fix.patch, Harmony-2910-fix.patch, Harmony-2910-PolicyEntryTest.patch, Harmony-2910-PolicyTest.patch, Harmony-2910-Test.patch, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff, regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest with the argument and the policy file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {
> public static void main(String[] args) throws Exception {
> Policy p = Policy.getPolicy();
> ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> "file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> PermissionCollection pCollection = p.getPermissions(pd);
> Enumeration<Permission> elements = pCollection.elements();
> while (elements.hasMoreElements()) {
> if(elements.nextElement().equals(new AllPermission())){
> System.out.println("contains AllPermission");
> }
> }
> }
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.