You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Vladimir Ivanov (JIRA)" <ji...@apache.org> on 2006/07/05 13:53:31 UTC
[jira] Created: (HARMONY-771) [classlib][security] different
exceptions for javax.security.auth.login.LoginContext(String name)
LoginException vs. SecurityException
[classlib][security] different exceptions for javax.security.auth.login.LoginContext(String name) LoginException vs. SecurityException
--------------------------------------------------------------------------------------------------------------------------------------
Key: HARMONY-771
URL: http://issues.apache.org/jira/browse/HARMONY-771
Project: Harmony
Type: Bug
Components: Classlib
Reporter: Vladimir Ivanov
The harmony class javax.security.auth.login.LoginContext(String name) throws LoginException while RI throws SecurityException.
But seems it is the bug in the RI. It tries to read the configuration file by the method Configuration.getConfiguration() which throws SecurityException if no 'auth.login.config' file (while we have all permissions).
It is to discuss how it should be fixed.
===================== test.java ===========================
import javax.security.auth.login.LoginContext;
public class test {
public static void main (String[] args) throws Exception {
new LoginContext("0");
}
}
=======================================================
Output:
C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -Djava.security.auth.login.config=config -showversion test
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
javax.security.auth.login.LoginException: No LoginModules configured for 0
at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
at test.main(test.java:5)
C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -showversion test
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
at java.lang.Class.newInstanceCached(I)Ljava.lang.Object;(Unknown Source)
at java.lang.Class.newInstance(I)Ljava.lang.Object;(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
at test.main(test.java:5)
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
... 8 more
C:\tmp\tmp17>C:\harmony\trunk_0427\deploy\jdk\jre\bin\java.exe -showversion test
java version 1.5 (subset)
(c) Copyright 1991, 2006 The Apache Software Foundation or its licensors, as applicable.
Exception in thread "main" javax.security.auth.login.LoginException: There is no "0" in Configuration or it's empty.
at javax.security.auth.login.LoginContext.init(LoginContext.java:183)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:98)
at test.main(test.java:5)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (HARMONY-771) [classlib][security] different
exceptions for javax.security.auth.login.LoginContext(String name)
LoginException vs. SecurityException
Posted by "Vladimir Ivanov (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-771?page=comments#action_12442478 ]
Vladimir Ivanov commented on HARMONY-771:
-----------------------------------------
verified, thanks
> [classlib][security] different exceptions for javax.security.auth.login.LoginContext(String name) LoginException vs. SecurityException
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HARMONY-771
> URL: http://issues.apache.org/jira/browse/HARMONY-771
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Vladimir Ivanov
> Assigned To: Stepan Mishura
>
> The harmony class javax.security.auth.login.LoginContext(String name) throws LoginException while RI throws SecurityException.
> But seems it is the bug in the RI. It tries to read the configuration file by the method Configuration.getConfiguration() which throws SecurityException if no 'auth.login.config' file (while we have all permissions).
> It is to discuss how it should be fixed.
> ===================== test.java ===========================
> import javax.security.auth.login.LoginContext;
> public class test {
> public static void main (String[] args) throws Exception {
> new LoginContext("0");
> }
> }
> =======================================================
> Output:
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -Djava.security.auth.login.config=config -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> javax.security.auth.login.LoginException: No LoginModules configured for 0
> at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> java.lang.SecurityException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> at java.lang.Class.newInstanceCached(I)Ljava.lang.Object;(Unknown Source)
> at java.lang.Class.newInstance(I)Ljava.lang.Object;(Unknown Source)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
> at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> Caused by: java.io.IOException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> ... 8 more
> C:\tmp\tmp17>C:\harmony\trunk_0427\deploy\jdk\jre\bin\java.exe -showversion test
> java version 1.5 (subset)
> (c) Copyright 1991, 2006 The Apache Software Foundation or its licensors, as applicable.
> Exception in thread "main" javax.security.auth.login.LoginException: There is no "0" in Configuration or it's empty.
> at javax.security.auth.login.LoginContext.init(LoginContext.java:183)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:98)
> at test.main(test.java:5)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (HARMONY-771) [classlib][security] different
exceptions for javax.security.auth.login.LoginContext(String name)
LoginException vs. SecurityException
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-771?page=all ]
Stepan Mishura resolved HARMONY-771.
------------------------------------
Resolution: Fixed
This issue was fixed by HARMONY-1715: now Harmony throws SecurityException in this case. I've added regression test for LoginContext class to AUTH module at r464384. (The added test is modification of regression test for Configuration class.)
Please check that the fix fully resolves your problem.
> [classlib][security] different exceptions for javax.security.auth.login.LoginContext(String name) LoginException vs. SecurityException
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HARMONY-771
> URL: http://issues.apache.org/jira/browse/HARMONY-771
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Vladimir Ivanov
> Assigned To: Stepan Mishura
>
> The harmony class javax.security.auth.login.LoginContext(String name) throws LoginException while RI throws SecurityException.
> But seems it is the bug in the RI. It tries to read the configuration file by the method Configuration.getConfiguration() which throws SecurityException if no 'auth.login.config' file (while we have all permissions).
> It is to discuss how it should be fixed.
> ===================== test.java ===========================
> import javax.security.auth.login.LoginContext;
> public class test {
> public static void main (String[] args) throws Exception {
> new LoginContext("0");
> }
> }
> =======================================================
> Output:
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -Djava.security.auth.login.config=config -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> javax.security.auth.login.LoginException: No LoginModules configured for 0
> at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> java.lang.SecurityException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> at java.lang.Class.newInstanceCached(I)Ljava.lang.Object;(Unknown Source)
> at java.lang.Class.newInstance(I)Ljava.lang.Object;(Unknown Source)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
> at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> Caused by: java.io.IOException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> ... 8 more
> C:\tmp\tmp17>C:\harmony\trunk_0427\deploy\jdk\jre\bin\java.exe -showversion test
> java version 1.5 (subset)
> (c) Copyright 1991, 2006 The Apache Software Foundation or its licensors, as applicable.
> Exception in thread "main" javax.security.auth.login.LoginException: There is no "0" in Configuration or it's empty.
> at javax.security.auth.login.LoginContext.init(LoginContext.java:183)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:98)
> at test.main(test.java:5)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (HARMONY-771) [classlib][security] different
exceptions for javax.security.auth.login.LoginContext(String name)
LoginException vs. SecurityException
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-771?page=all ]
Stepan Mishura reassigned HARMONY-771:
--------------------------------------
Assignee: Stepan Mishura
> [classlib][security] different exceptions for javax.security.auth.login.LoginContext(String name) LoginException vs. SecurityException
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HARMONY-771
> URL: http://issues.apache.org/jira/browse/HARMONY-771
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Vladimir Ivanov
> Assigned To: Stepan Mishura
>
> The harmony class javax.security.auth.login.LoginContext(String name) throws LoginException while RI throws SecurityException.
> But seems it is the bug in the RI. It tries to read the configuration file by the method Configuration.getConfiguration() which throws SecurityException if no 'auth.login.config' file (while we have all permissions).
> It is to discuss how it should be fixed.
> ===================== test.java ===========================
> import javax.security.auth.login.LoginContext;
> public class test {
> public static void main (String[] args) throws Exception {
> new LoginContext("0");
> }
> }
> =======================================================
> Output:
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -Djava.security.auth.login.config=config -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> javax.security.auth.login.LoginException: No LoginModules configured for 0
> at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> java.lang.SecurityException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> at java.lang.Class.newInstanceCached(I)Ljava.lang.Object;(Unknown Source)
> at java.lang.Class.newInstance(I)Ljava.lang.Object;(Unknown Source)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
> at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> Caused by: java.io.IOException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> ... 8 more
> C:\tmp\tmp17>C:\harmony\trunk_0427\deploy\jdk\jre\bin\java.exe -showversion test
> java version 1.5 (subset)
> (c) Copyright 1991, 2006 The Apache Software Foundation or its licensors, as applicable.
> Exception in thread "main" javax.security.auth.login.LoginException: There is no "0" in Configuration or it's empty.
> at javax.security.auth.login.LoginContext.init(LoginContext.java:183)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:98)
> at test.main(test.java:5)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (HARMONY-771) [classlib][security] different
exceptions for javax.security.auth.login.LoginContext(String name)
LoginException vs. SecurityException
Posted by "Stepan Mishura (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/HARMONY-771?page=all ]
Stepan Mishura closed HARMONY-771.
----------------------------------
Verified by Vladimir.
> [classlib][security] different exceptions for javax.security.auth.login.LoginContext(String name) LoginException vs. SecurityException
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HARMONY-771
> URL: http://issues.apache.org/jira/browse/HARMONY-771
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Vladimir Ivanov
> Assigned To: Stepan Mishura
>
> The harmony class javax.security.auth.login.LoginContext(String name) throws LoginException while RI throws SecurityException.
> But seems it is the bug in the RI. It tries to read the configuration file by the method Configuration.getConfiguration() which throws SecurityException if no 'auth.login.config' file (while we have all permissions).
> It is to discuss how it should be fixed.
> ===================== test.java ===========================
> import javax.security.auth.login.LoginContext;
> public class test {
> public static void main (String[] args) throws Exception {
> new LoginContext("0");
> }
> }
> =======================================================
> Output:
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -Djava.security.auth.login.config=config -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> javax.security.auth.login.LoginException: No LoginModules configured for 0
> at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> C:\tmp\tmp17>C:\jrockit-jdk1.5.0-windows-ia32\bin\java.exe -showversion test
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
> BEA WebLogic JRockit(R) (build dra-38972-20041208-2001-win-ia32, R25.0.0-75, GC: System optimized over throughput (initial strategy singleparpar))
> java.lang.SecurityException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> at java.lang.Class.newInstanceCached(I)Ljava.lang.Object;(Unknown Source)
> at java.lang.Class.newInstance(I)Ljava.lang.Object;(Unknown Source)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
> at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:334)
> at test.main(test.java:5)
> Caused by: java.io.IOException: Unable to locate a login configuration
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
> ... 8 more
> C:\tmp\tmp17>C:\harmony\trunk_0427\deploy\jdk\jre\bin\java.exe -showversion test
> java version 1.5 (subset)
> (c) Copyright 1991, 2006 The Apache Software Foundation or its licensors, as applicable.
> Exception in thread "main" javax.security.auth.login.LoginException: There is no "0" in Configuration or it's empty.
> at javax.security.auth.login.LoginContext.init(LoginContext.java:183)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:98)
> at test.main(test.java:5)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira