-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
1.3.0
-
None
-
sparc
-
solaris_2.6
Running:
appletviewer -J-Djava.security.policy=/tmp/ap.policy http://www.soda.co.uk/soda/constructor/index.htm
where /tmp/ap.policy contains:
grant {
permission java.net.SocketPermission "www.soda.co.uk", "connect,accept,resolve";
};
nevertheless produces the exception:
java.security.AccessControlException: access denied (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at sun.applet.AppletClassLoader.getPermissions(AppletClassLoader.java:171)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:128)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:108)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:366)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:579)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:484)
The mystery is that the denied permission is exactly the same as the one granted.
Version information (appletviewer -J-version):
java version "1.3.0rc2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0rc2-Y)
Java HotSpot(TM) Client VM (build 1.3.0rc2-Y, interpreted mode)
Using -J-Djava.security.debug=policy verifies that the policy file is being read:
policy: reading file:/tmp/ap.policy
policy: Adding policy entry:
policy: signedBy null
policy: codeBase null
policy:
policy: (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
Using -J-Djava.security.policy=access,failure verifies that the protection
domain has the relevant permission at checkPermission time:
access: access denied (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:993)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:261)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at sun.applet.AppletClassLoader.getPermissions(AppletClassLoader.java:171)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:128)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:108)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:366)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:579)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:484)
access: domain that failed ProtectionDomain (http://www.soda.co.uk/soda/constructor/ <no certificates>)
java.security.Permissions@786e64 (
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission createClassLoader)
(java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
(java.net.SocketPermission www.soda.co.uk:80 connect,resolve)
)
I'm running this within SWAN.
appletviewer -J-Djava.security.policy=/tmp/ap.policy http://www.soda.co.uk/soda/constructor/index.htm
where /tmp/ap.policy contains:
grant {
permission java.net.SocketPermission "www.soda.co.uk", "connect,accept,resolve";
};
nevertheless produces the exception:
java.security.AccessControlException: access denied (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at sun.applet.AppletClassLoader.getPermissions(AppletClassLoader.java:171)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:128)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:108)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:366)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:579)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:484)
The mystery is that the denied permission is exactly the same as the one granted.
Version information (appletviewer -J-version):
java version "1.3.0rc2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0rc2-Y)
Java HotSpot(TM) Client VM (build 1.3.0rc2-Y, interpreted mode)
Using -J-Djava.security.debug=policy verifies that the policy file is being read:
policy: reading file:/tmp/ap.policy
policy: Adding policy entry:
policy: signedBy null
policy: codeBase null
policy:
policy: (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
Using -J-Djava.security.policy=access,failure verifies that the protection
domain has the relevant permission at checkPermission time:
access: access denied (java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:993)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:261)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at sun.applet.AppletClassLoader.getPermissions(AppletClassLoader.java:171)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:128)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:108)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:366)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:579)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:484)
access: domain that failed ProtectionDomain (http://www.soda.co.uk/soda/constructor/ <no certificates>)
java.security.Permissions@786e64 (
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission createClassLoader)
(java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission www.soda.co.uk connect,accept,resolve)
(java.net.SocketPermission www.soda.co.uk:80 connect,resolve)
)
I'm running this within SWAN.
- duplicates
-
-
- Resolved
-