[jira] Commented: (HARMONY-1245) ClassLoader incorrectly handles AccessControlException

["Alexey Varlamov (JIRA)" <ji...@apache.org>]

    [ http://issues.apache.org/jira/browse/HARMONY-1245?page=comments#action_12429660 ] 
            
Alexey Varlamov commented on HARMONY-1245:
------------------------------------------

It follows from the printed stack, that the j.n.URLClassLoader fails to iterate through the list of URLs. 
On the other hand, however, j.s.AccessController of the DRLVM seems to check frames beyond privileged one... 
So we have 2 issues here, I think.

> ClassLoader incorrectly handles AccessControlException
> ------------------------------------------------------
>
>                 Key: HARMONY-1245
>                 URL: http://issues.apache.org/jira/browse/HARMONY-1245
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib, App-Oriented Bug Reports
>         Environment: Windows XP professional
>            Reporter: Anton Luht
>         Attachments: Test.jar
>
>
> Harmony: DRLVM + classlib
> java version "1.5.0"
> pre-alpha : not complete or compatible
> svn = r433212, (Aug 21 2006), Windows/ia32/msvc 1310, debug build
> Problem: if classloader tries to find a class in one of paths in its classpath and comes across security exception - no further lookup is made and application just crashes. The code to reproduce  uses code from MX4j unit test 'test.javax.management.LocalSecurityManagerTest' .
> Code:
> import java.io.*;
> import java.security.*;
> import java.util.*;
> class Test2 {
> }
> public class Test  { 
>    static {
>       Policy.setPolicy(new LocalModifiablePolicy());
>       System.setSecurityManager(new SecurityManager());
>    }
>     public static void main (String[] args) throws Exception {   
>        Class.forName("Test2");    
>     }
>    public static class LocalModifiablePolicy extends Policy
>    {
>       private final ProtectionDomain testDomain;
>       private final Map permissionsMap = new HashMap();
>       public LocalModifiablePolicy()
>       {
>          testDomain = LocalModifiablePolicy.class.getProtectionDomain();
>          CodeSource cs = Test.class.getProtectionDomain().getCodeSource();
>          permissionsMap.put(cs, createAllPermissions());
>          initialize();
>       }
>       private Permissions createAllPermissions()
>       {
>          Permissions allPermissions = new Permissions();
>          allPermissions.add(new AllPermission());
>          return allPermissions;
>       }
>       public PermissionCollection getPermissions(CodeSource codesource)
>       {
>          Permissions permissions = (Permissions)permissionsMap.get(codesource);
>          if (permissions == null)
>          {
>             permissions = new Permissions();
>             permissionsMap.put(codesource, permissions);
>          }
>          return permissions;
>       }
>       public void refresh()
>       {
>       }
>       public boolean implies(ProtectionDomain domain, Permission permission)
>       {
>          PermissionCollection perms = getPermissions(domain.getCodeSource());
>          return perms.implies(permission);
>       }
>       public void addPermission(Permission p)
>       {
>          Permissions permissions = (Permissions)getPermissions(testDomain.getCodeSource());
>          permissions.add(p);
>       }
>       public synchronized void initialize()
>       {
>          Permissions permissions = new Permissions();
>          permissions.add(new SecurityPermission("getPolicy"));
>          permissionsMap.put(testDomain.getCodeSource(), permissions);
>       }
>    }
> }
> Steps to reproduce:
> 1.  javac Test.java
> 2. jar cf Test.jar *.class
> 3. rm *.class
> 4. <path to java.exe> -cp .;Test.jar Test
> Output in RI: none
> Output in Harmony:
> java.security.AccessControlException: Permission check failed (java.io.FilePermi
> ssion C:\temp\tests\ab\.\Test2.class read)
>         at java.security.AccessControlContext.checkPermission()
>         at java.security.AccessController.checkPermission()
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:737)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:397)
>         at java.io.File.exists(File.java:435)
>         at java.net.URLClassLoader.findClassImpl(URLClassLoader.java:1059)
>         at java.net.URLClassLoader$4.run(URLClassLoader.java:617)
>         at java.net.URLClassLoader$4.run(URLClassLoader.java:616)
>         at java.security.AccessController.doPrivilegedImpl()
>         at java.security.AccessController.doPrivileged()
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:614)
>         at java.lang.ClassLoader.loadClass()
>         at java.net.URLClassLoader$SubURLClassLoader.loadClass(URLClassLoader.ja
> va:116)
>         at java.lang.ClassLoader.loadClass()
>         at java.lang.Class.forName()
>         at java.lang.Class.forName()
>         at Test.main(Test.java:16)
> Please find Test.jar attached

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira