JDK-4999599

Enum.valueOf() or ObjectInputStream.readObject() should use doPrivileged


    • b46
    • generic, x86, sparc
    • generic, linux, solaris_8, solaris_10

      Date: Wed, 18 Feb 2004 17:30:57 -0800
      From: <###@###.###>
      Subject: about the Enum changes
      Sender: ###@###.###

      Hi,

      One of the security regression tests failed with AccessControlException due to the following fixes:

      4945532: bring enum implementation up-to-date with its spec
      enum 4948640: deserialization should use Enum.valueOf(Class, String)

      Here is the stacktrace:
      java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
              at java.security.AccessController.checkPermission(AccessController.java:425)
              at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
              at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
              at java.lang.Class.getEnumConstants(Class.java:2405)
              at java.lang.Enum.valueOf(Enum.java:182)
              at java.io.ObjectInputStream.readEnum(ObjectInputStream.java:1660)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1293)
              at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1909)
              at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1833)
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1710)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1296)
              at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1909)
              at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1833)
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1710)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1296)
              at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
              at Serial.main(Serial.java:38)

      None of the public methods in the stacktrace, i.e. Class.getEnumConstants(), Enum.valueOf(), and ObjectInputStream.readObject(), documents the AccessControlException.

      It seems either Enum.valueOf() or ObjectInputStream.readObject()
      should use a doPrivileged block to handle this so the caller apps
      are not required to manually change their security policy when
      migrating to 1.5.

      I will probably file a bug on this within the next two or three days.
      Please comment if such behavior is intentional.

            gafter Neal Gafter (Inactive)
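
The doPrivileged pattern the report asks for, sketched as an added Java example (not code from the JDK or from the report): the class `PrivilegedEnumLookup`, the helper `lookup` and the sample enum `Color` are hypothetical, and the helper's own code source is assumed to hold `ReflectPermission suppressAccessChecks`. Only the `setAccessible` call runs privileged, so the permission check stops at the helper's protection domain instead of walking up to a less-privileged caller.

```java
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class PrivilegedEnumLookup {

    // Constructed sample type for the demo in main().
    enum Color { RED, GREEN, BLUE }

    // Hypothetical library helper: find an enum constant by name via the
    // compiler-generated static values() method.
    @SuppressWarnings("removal") // AccessController is deprecated for removal on recent JDKs
    static <E extends Enum<E>> E lookup(Class<E> type, String name)
            throws ReflectiveOperationException {
        // Validate before doing anything privileged: a raw Class passed by the
        // caller must not steer the privileged block at an arbitrary type.
        if (!type.isEnum()) {
            throw new IllegalArgumentException(type.getName() + " is not an enum type");
        }
        final Method values = type.getMethod("values");

        // Keep the privileged scope to the single call that needs the permission.
        // The action takes no caller-controlled input beyond the validated Method.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                values.setAccessible(true);
                return null;
            }
        });

        // The accessible Method stays local; callers only ever see enum constants.
        for (Object o : (Object[]) values.invoke(null)) {
            E constant = type.cast(o);
            if (constant.name().equals(name)) {
                return constant;
            }
        }
        throw new IllegalArgumentException("No enum constant " + type.getName() + "." + name);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(lookup(Color.class, "GREEN"));
    }
}
```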