JDK-6285916

Matching error in codebase with a trailing "/-"


    • Type: Bug
    • Resolution: Not an Issue
    • Priority: P3
    • 6
    • 6
    • security-libs
    • None

      I encountered two problems when using a codebase with a trailing
      "/-" in policy files on the Linux and Win32 platforms. Everything
      works fine on Solaris/SPARC.

      * Problem 1 (JDK on Linux only)

      I use in my example code the following policy file:

      grant codeBase "file:/-" {
          permission java.util.PropertyPermission "user.dir", "read";
      };

      Let's say that Test.java runs with the following codebase
      "file:/home/java/JAVA/PolicyFileSyntax/" and requires the
      java permission to read the "user.dir" system property.

      I run the program and I get the exception:

      java.security.AccessControlException:
          access denied (java.util.PropertyPermission user.dir read)

      because the codesource matching fails due to a "/" being added
      to "file:/-", i.e. the codebase becomes "file:/-/",

      policy: evaluate codesources:
      Policy CodeSource: (file:/-/ <no signer certificates>)
      Active CodeSource: (file:/home/java/JAVA/PolicyFileSyntax/
                                  <no signer certificates>)
      policy: evaluation (codesource) failed

      See test case in attachment.

      * Problem 2 (JDK on Win32 only)

      I run a program which performs some operations which cross several codebases,
      let's say "file:/C:/testApplication/" and "file:/D:/testResources/".

      I define the policy file (located in the C: drive) as follows:

      grant codeBase "file:/-" {
          <some permissions>
      };

      Apparently, when performing the evaluation of the codesources, "file:/-"
      is converted into "file:/C:/-", C: being the drive where the policy file
      is located. The application fails with a security exception because the
      "file:/D:/testResources" needs the java permission but the codesource
      matching between "file:/-" (i.e. "file:/C:/-") and "file:/D:/testResources"
      fails.

      policy: evaluate codesources:
      Policy CodeSource: (file:/C:/- <no signer certificates>)
      Active CodeSource: (file:/C:/testApplication/ <no signer certificates>)
      policy: evaluation (codesource) passed
      policy: evaluate codesources:
      Policy CodeSource: (file:/C:/- <no signer certificates>)
      Active CodeSource: (file:/D:/testResources/ <no signer certificates>)
      policy: evaluation (codesource) failed

      I was expecting "file:/-" in a Win32 policy file to match all files (both class
      and JAR files) in the directory and recursively all files in subdirectories contained
      in that directory for all disk and network drives currently mapped.

      ###@###.### 2005-06-16 07:20:15 GMT
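
Added example, not part of the original report or of the JDK sources: it feeds the codebase strings from the two debug traces above to `java.security.CodeSource.implies`, to show how the documented location-matching rules treat each form. The class name `CodeBaseMatch` and its helpers are hypothetical, and the example does not reproduce the policy-file parsing that produced the rewritten codebases.

```java
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Build an unsigned CodeSource ("<no signer certificates>" in the traces).
    static CodeSource cs(String codeBase) throws Exception {
        URL url = URI.create(codeBase).toURL();
        return new CodeSource(url, (Certificate[]) null);
    }

    // Would a grant for policyCodeBase cover code loaded from activeCodeBase?
    // CodeSource.implies treats a location ending in "/-" as "everything below
    // this path, recursively"; a location with neither "/-" nor "/*" must match
    // the active location exactly (optionally with a trailing "/").
    static boolean matches(String policyCodeBase, String activeCodeBase) throws Exception {
        return cs(policyCodeBase).implies(cs(activeCodeBase));
    }

    public static void main(String[] args) throws Exception {
        // Codebase pairs taken from the report: {policy, active}.
        String[][] cases = {
            // Problem 1: codebase as written, then as shown in the Linux trace.
            {"file:/-",    "file:/home/java/JAVA/PolicyFileSyntax/"},
            {"file:/-/",   "file:/home/java/JAVA/PolicyFileSyntax/"},
            // Problem 2: codebase as shown in the Win32 trace, both drives.
            {"file:/C:/-", "file:/C:/testApplication/"},
            {"file:/C:/-", "file:/D:/testResources/"},
            // Problem 2: codebase as written in the policy file.
            {"file:/-",    "file:/D:/testResources/"},
        };
        for (String[] c : cases) {
            System.out.printf("Policy CodeSource: %-11s Active CodeSource: %-40s %s%n",
                    c[0], c[1], matches(c[0], c[1]) ? "passed" : "failed");
        }
    }
}
```

Comparing the rows for the codebase as written with the rows for the codebase as it appears in the traces separates the matching step from the rewriting step when diagnosing a grant that does not apply.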

            claisunw Charlie Lai (Inactive)
            lmalvent Luis-Miguel Alventosa (Inactive)