You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Paulex Yang (JIRA)" <ji...@apache.org> on 2006/10/25 16:05:16 UTC
[jira] Created: (HARMONY-1963) [classlib][security] Harmony cannot
read security policy file correctly
[classlib][security] Harmony cannot read security policy file correctly
-----------------------------------------------------------------------
Key: HARMONY-1963
URL: http://issues.apache.org/jira/browse/HARMONY-1963
Project: Harmony
Issue Type: Bug
Components: Classlib
Environment: Harmony classlib + IBM VME, windows XP+sp2
Reporter: Paulex Yang
I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
-Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
public class SecurityManagerTest {
public static void main(String[] args) throws Exception{
System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
}
}
RI prints:
Windows XP
null
Harmony prints:
Windows XP
K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
at java.security.AccessController.checkPermission(AccessController.java:94)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
at java.lang.System.getProperty(System.java:675)
at java.lang.System.getProperty(System.java:660)
at SecurityManagerTest.main(Unknown Source)
I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
[1]
grant codeBase "file:${test.bin.dir}/-" {
permission java.security.AllPermission;
};
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [classlib][security]Re: [jira] Created: (HARMONY-1963) [classlib][security] Harmony cannot read security policy file correctly
Posted by Boris Kuznetsov <bo...@gmail.com>.
I'll take a look.
thanks,
Boris
On 10/25/06, Paulex Yang <pa...@gmail.com> wrote:
> Any security guys can help to look at this issue? thanks in advance. I
> haven't found time to looked closer to find the cause yet, but it seems
> a little serious.
>
> Paulex Yang (JIRA) wrote:
> > [classlib][security] Harmony cannot read security policy file correctly
> > -----------------------------------------------------------------------
> >
> > Key: HARMONY-1963
> > URL: http://issues.apache.org/jira/browse/HARMONY-1963
> > Project: Harmony
> > Issue Type: Bug
> > Components: Classlib
> > Environment: Harmony classlib + IBM VME, windows XP+sp2
> > Reporter: Paulex Yang
> >
> >
> > I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
> >
> > -Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
> >
> > public class SecurityManagerTest {
> > public static void main(String[] args) throws Exception{
> > System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
> > System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
> > }
> > }
> >
> > RI prints:
> > Windows XP
> > null
> >
> > Harmony prints:
> > Windows XP
> > K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
> > at java.security.AccessController.checkPermission(AccessController.java:94)
> > at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
> > at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
> > at java.lang.System.getProperty(System.java:675)
> > at java.lang.System.getProperty(System.java:660)
> > at SecurityManagerTest.main(Unknown Source)
> >
> > I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
> >
> > [1]
> > grant codeBase "file:${test.bin.dir}/-" {
> > permission java.security.AllPermission;
> > };
> >
> >
> >
>
>
> --
> Paulex Yang
> China Software Development Lab
> IBM
>
>
--
Best regards,
Boris Kuznetsov
Intel Middleware Products Division
[classlib][security]Re: [jira] Created: (HARMONY-1963) [classlib][security]
Harmony cannot read security policy file correctly
Posted by Paulex Yang <pa...@gmail.com>.
Any security guys can help to look at this issue? thanks in advance. I
haven't found time to looked closer to find the cause yet, but it seems
a little serious.
Paulex Yang (JIRA) wrote:
> [classlib][security] Harmony cannot read security policy file correctly
> -----------------------------------------------------------------------
>
> Key: HARMONY-1963
> URL: http://issues.apache.org/jira/browse/HARMONY-1963
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Environment: Harmony classlib + IBM VME, windows XP+sp2
> Reporter: Paulex Yang
>
>
> I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
>
> -Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
>
> public class SecurityManagerTest {
> public static void main(String[] args) throws Exception{
> System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
> System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
> }
> }
>
> RI prints:
> Windows XP
> null
>
> Harmony prints:
> Windows XP
> K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
> at java.security.AccessController.checkPermission(AccessController.java:94)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
> at java.lang.System.getProperty(System.java:675)
> at java.lang.System.getProperty(System.java:660)
> at SecurityManagerTest.main(Unknown Source)
>
> I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
>
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
>
>
>
--
Paulex Yang
China Software Development Lab
IBM
[jira] Resolved: (HARMONY-1963) [classlib][security] Harmony cannot
read security policy file correctly
Posted by "Paulex Yang (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-1963?page=all ]
Paulex Yang resolved HARMONY-1963.
----------------------------------
Resolution: Fixed
Assignee: Paulex Yang
Boris, it works! Thank you very much for this enhancement, please verify the patch is applied as you expected.
> [classlib][security] Harmony cannot read security policy file correctly
> -----------------------------------------------------------------------
>
> Key: HARMONY-1963
> URL: http://issues.apache.org/jira/browse/HARMONY-1963
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Environment: Harmony classlib + IBM VME, windows XP+sp2
> Reporter: Paulex Yang
> Assigned To: Paulex Yang
> Attachments: patch.txt
>
>
> I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
> -Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
> public class SecurityManagerTest {
> public static void main(String[] args) throws Exception{
> System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
> System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
> }
> }
> RI prints:
> Windows XP
> null
> Harmony prints:
> Windows XP
> K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
> at java.security.AccessController.checkPermission(AccessController.java:94)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
> at java.lang.System.getProperty(System.java:675)
> at java.lang.System.getProperty(System.java:660)
> at SecurityManagerTest.main(Unknown Source)
> I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (HARMONY-1963) [classlib][security] Harmony cannot
read security policy file correctly
Posted by "Boris Kuznetsov (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-1963?page=all ]
Boris Kuznetsov updated HARMONY-1963:
-------------------------------------
Attachment: patch.txt
Paulex,
Please try this patch. I hope it will resolve the problem.
The problem is in the following line of the policy file: "file:${test.bin.dir}/-"
The CodeSource associated with URL "file:<...>" (without slash) doesn't implies CodeSource associated with URL "file:/<...>" (with slash).
Although it is not specified, Harmony should convert CodeSource to general form to be compatible with RI.
> [classlib][security] Harmony cannot read security policy file correctly
> -----------------------------------------------------------------------
>
> Key: HARMONY-1963
> URL: http://issues.apache.org/jira/browse/HARMONY-1963
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Environment: Harmony classlib + IBM VME, windows XP+sp2
> Reporter: Paulex Yang
> Attachments: patch.txt
>
>
> I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
> -Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
> public class SecurityManagerTest {
> public static void main(String[] args) throws Exception{
> System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
> System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
> }
> }
> RI prints:
> Windows XP
> null
> Harmony prints:
> Windows XP
> K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
> at java.security.AccessController.checkPermission(AccessController.java:94)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
> at java.lang.System.getProperty(System.java:675)
> at java.lang.System.getProperty(System.java:660)
> at SecurityManagerTest.main(Unknown Source)
> I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-1963) [classlib][security] Harmony
cannot read security policy file correctly
Posted by "Paulex Yang (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-1963?page=comments#action_12444897 ]
Paulex Yang commented on HARMONY-1963:
--------------------------------------
Sorry, I forgot to add, it was applied at revision r468005.:)
> [classlib][security] Harmony cannot read security policy file correctly
> -----------------------------------------------------------------------
>
> Key: HARMONY-1963
> URL: http://issues.apache.org/jira/browse/HARMONY-1963
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Environment: Harmony classlib + IBM VME, windows XP+sp2
> Reporter: Paulex Yang
> Assigned To: Paulex Yang
> Attachments: patch.txt
>
>
> I created simple a java.policy file[1], and try to run SecurityManagerTest with argument:
> -Djava.security.manager -Dtest.bin.dir=<path to test bin directory> -Djava.security.policy=<path to policy file>
> public class SecurityManagerTest {
> public static void main(String[] args) throws Exception{
> System.out.println(System.getProperty("os.name")); //read access for this property has been granted by default policy
> System.out.println(System.getProperty("notexist")); // no access for this property has been granted by default policy
> }
> }
> RI prints:
> Windows XP
> null
> Harmony prints:
> Windows XP
> K0319java.security.AccessControlException: Access denied (java.util.PropertyPermission notexist read)
> at java.security.AccessController.checkPermission(AccessController.java:94)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:739)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:374)
> at java.lang.System.getProperty(System.java:675)
> at java.lang.System.getProperty(System.java:660)
> at SecurityManagerTest.main(Unknown Source)
> I got same results if add the content customized java.policy to default policy file without specifying policy file in cmd line.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
> permission java.security.AllPermission;
> };
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira