Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4428529

Interaction between java.security.debug and permissions

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 1.4.0
    • 1.0
    • security-libs
    • beta
    • generic
    • generic

    Description



      Name: krC82822 Date: 03/21/2001


      emacs: test 574>java -version
      java version "1.3.0_01"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_01)
      Java HotSpot(TM) Client VM (build 1.3.0_01, mixed mode)

      I'm seeing a strange interaction between the granting of the
      (javax.security.auth.AuthPermission getLoginConfiguration)
      permission and the setting of the java.security.debug=all
      property even in the absence of a security manager when
      the java.security.policy property is set from within the
      class main method.

      See the TestLogin.java code at the end of this note.

      emacs: test 575>echo $CLASSPATH
      .;/usr/local/src/cvsroot/jBoss/jboss/dist/lib/jaas.jar

      +++ Try running with java.security.debug=access
      emacs: test 576>java -Djava.security.debug=access TestLogin
      java.security.manager = null
      access: access allowed (javax.security.auth.AuthPermission
      getLoginConfiguration)

      +++ Try running with java.security.debug=all
      emacs: test 577>java -Djava.security.debug=all TestLogin
      scl: getPermissions
      (file:/D:/usr/local/src/cvsroot/jBoss/jbosssx/src/main/test/ <no certificates>)
      policy: reading file:D:/usr/local/Java/jdk1.3/jre/lib/security/java.policy
      policy: Adding policy entry:
      policy: signedBy null
      policy: codeBase file:D:/usr/local/Java/jdk1.3/jre/lib/ext/*
      ...

      scl:
      java.security.manager = null
      java.lang.Exception: Stack trace
      at java.lang.Thread.dumpStack(Thread.java:993)
      at java.security.AccessControlContext.checkPermission
      (AccessControlContext.java:230)
      at java.security.AccessController.checkPermission
      (AccessController.java:399)
      at TestLogin.main(TestLogin.java:17)
      access: domain 0 ProtectionDomain
      (file:/D:/usr/local/src/cvsroot/jBoss/jbosssx/src/main/test/ <no certificates>)
      java.security.Permissions@5601ea (
       (javax.sound.sampled.AudioPermission record)
       (java.awt.AWTPermission showWindowWithoutWarningBanner)
       (java.io.FilePermission <<ALL FILES>> read)
       (java.io.FilePermission
      D:\usr\local\src\cvsroot\jBoss\jbosssx\src\main\test\jmf.log write)
       (java.io.FilePermission D:\Documents and Settings\Administrator\.JMStudioCfg
      write)
       (java.io.FilePermission D:\Temp\* write)
       (java.io.FilePermission D:\Temp\* delete)
       (java.io.FilePermission \D:\usr\local\src\cvsroot\jBoss\jbosssx\src\main\test\-
       read)
       (java.lang.RuntimePermission exitVM)
       (java.lang.RuntimePermission modifyThreadGroup)
       (java.lang.RuntimePermission stopThread)
       (java.lang.RuntimePermission loadLibrary.*)
       (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       (java.lang.RuntimePermission accessClassInPackage.sun.audio)
       (java.lang.RuntimePermission modifyThread)
       (java.net.SocketPermission * connect,accept,resolve)
       (java.net.SocketPermission localhost:1024- listen,resolve)
       (java.util.PropertyPermission java.class.path read)
       (java.util.PropertyPermission user.name read)
       (java.util.PropertyPermission java.vendor read)
       (java.util.PropertyPermission java.specification.version read)
       (java.util.PropertyPermission line.separator read)
       (java.util.PropertyPermission java.class.version read)
       (java.util.PropertyPermission java.specification.name read)
       (java.util.PropertyPermission java.vendor.url read)
       (java.util.PropertyPermission java.vm.version read)
       (java.util.PropertyPermission os.name read)
       (java.util.PropertyPermission os.arch read)
       (java.util.PropertyPermission java.home read)
       (java.util.PropertyPermission os.version read)
       (java.util.PropertyPermission java.version read)
       (java.util.PropertyPermission java.vm.specification.version read)
       (java.util.PropertyPermission user.dir read)
       (java.util.PropertyPermission java.vm.specification.name read)
       (java.util.PropertyPermission java.specification.vendor read)
       (java.util.PropertyPermission java.vm.vendor read)
       (java.util.PropertyPermission file.separator read)
       (java.util.PropertyPermission path.separator read)
       (java.util.PropertyPermission user.home read)
       (java.util.PropertyPermission java.vm.name read)
       (java.util.PropertyPermission java.vm.specification.vendor read)
      )


      access: access denied (javax.security.auth.AuthPermission getLoginConfiguration)
      java.lang.Exception: Stack trace
      at java.lang.Thread.dumpStack(Thread.java:993)
      at java.security.AccessControlContext.checkPermission
      (AccessControlContext.java:261)
      at java.security.AccessController.checkPermission
      (AccessController.java:399)
      at TestLogin.main(TestLogin.java:17)
      access: domain that failed ProtectionDomain
      (file:/D:/usr/local/src/cvsroot/jBoss/jbosssx/src/main/test/ <no certificates>)
      java.security.Permissions@5601ea (
       (javax.sound.sampled.AudioPermission record)
       (java.awt.AWTPermission showWindowWithoutWarningBanner)
       (java.io.FilePermission <<ALL FILES>> read)
       (java.io.FilePermission
      D:\usr\local\src\cvsroot\jBoss\jbosssx\src\main\test\jmf.log write)
       (java.io.FilePermission D:\Documents and Settings\Administrator\.JMStudioCfg
      write)
       (java.io.FilePermission D:\Temp\* write)
       (java.io.FilePermission D:\Temp\* delete)
       (java.io.FilePermission \D:\usr\local\src\cvsroot\jBoss\jbosssx\src\main\test\-
       read)
       (java.lang.RuntimePermission exitVM)
       (java.lang.RuntimePermission modifyThreadGroup)
       (java.lang.RuntimePermission stopThread)
       (java.lang.RuntimePermission loadLibrary.*)
       (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       (java.lang.RuntimePermission accessClassInPackage.sun.audio)
       (java.lang.RuntimePermission modifyThread)
       (java.net.SocketPermission * connect,accept,resolve)
       (java.net.SocketPermission localhost:1024- listen,resolve)
       (java.util.PropertyPermission java.class.path read)
       (java.util.PropertyPermission user.name read)
       (java.util.PropertyPermission java.vendor read)
       (java.util.PropertyPermission java.specification.version read)
       (java.util.PropertyPermission line.separator read)
       (java.util.PropertyPermission java.class.version read)
       (java.util.PropertyPermission java.specification.name read)
       (java.util.PropertyPermission java.vendor.url read)
       (java.util.PropertyPermission java.vm.version read)
       (java.util.PropertyPermission os.name read)
       (java.util.PropertyPermission os.arch read)
       (java.util.PropertyPermission java.home read)
       (java.util.PropertyPermission os.version read)
       (java.util.PropertyPermission java.version read)
       (java.util.PropertyPermission java.vm.specification.version read)
       (java.util.PropertyPermission user.dir read)
       (java.util.PropertyPermission java.vm.specification.name read)
       (java.util.PropertyPermission java.specification.vendor read)
       (java.util.PropertyPermission java.vm.vendor read)
       (java.util.PropertyPermission file.separator read)
       (java.util.PropertyPermission path.separator read)
       (java.util.PropertyPermission user.home read)
       (java.util.PropertyPermission java.vm.name read)
       (java.util.PropertyPermission java.vm.specification.vendor read)
      )


      java.security.AccessControlException: access denied
      (javax.security.auth.AuthPermission getLoginConfiguration)
      at java.security.AccessControlContext.checkPermission
      (AccessControlContext.java:272)
      at java.security.AccessController.checkPermission
      (AccessController.java:399)
      at TestLogin.main(TestLogin.java:17)


      --- Begin TestLogin.java
      import java.security.*;
      import javax.security.auth.*;

      public class TestLogin
      {
          public static void main(String[] args) throws Exception
          {
              System.setProperty("java.security.policy", "policy");
              System.out.println("java.security.manager = "+System.getProperty
      ("java.security.manager"));
              Permission p = new AuthPermission("getLoginConfiguration");
              AccessController.checkPermission(p);
          }
      }

      The policy file simply grants all permissions:
      emacs: test 593>cat policy
      grant {
      permission java.security.AllPermission;
      };
      (Review ID: 117877)
      ======================================================================

      Attachments

        Activity

          People

            rmartisunw Ramachandran Marti (Inactive)
            kryansunw Kevin Ryan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: