-
Bug
-
Resolution: Future Project
-
P4
-
None
-
5.0
-
None
-
sparc
-
solaris_9
Deserialization of TimeZone object requires extra security permission
java.lang.RuntimePermission "accessClassInPackage.sun.util.calendar"
Here is an example:
import java.io.*;
import java.util.*;
public class TimeZoneTest {
public static void main(String[] args) throws Exception {
TimeZone zone = TimeZone.getTimeZone("PST");
ByteArrayOutputStream bout = new ByteArrayOutputStream();
ObjectOutputStream os = new ObjectOutputStream(bout);
os.writeObject(zone);
os.flush();
os.close();
byte[] bytes = bout.toByteArray();
ObjectInputStream input = new ObjectInputStream(new ByteArrayInputStream(bytes));
TimeZone zone2 = (TimeZone) input.readObject();
System.out.println(zone.hasSameRules(zone2));
}
}
Here is the command and output for running with the default security policy:
/java/re/j2se/1.5/archive/fcs/binaries/solaris-sparc/bin/java -Djava.security.manager -classpath . TimeZoneTest
Exception in thread "main" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.util.calendar)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:574)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1538)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1460)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1693)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
at TimeZoneTest.main(TimeZoneTest.java:14)
java.lang.RuntimePermission "accessClassInPackage.sun.util.calendar"
Here is an example:
import java.io.*;
import java.util.*;
public class TimeZoneTest {
public static void main(String[] args) throws Exception {
TimeZone zone = TimeZone.getTimeZone("PST");
ByteArrayOutputStream bout = new ByteArrayOutputStream();
ObjectOutputStream os = new ObjectOutputStream(bout);
os.writeObject(zone);
os.flush();
os.close();
byte[] bytes = bout.toByteArray();
ObjectInputStream input = new ObjectInputStream(new ByteArrayInputStream(bytes));
TimeZone zone2 = (TimeZone) input.readObject();
System.out.println(zone.hasSameRules(zone2));
}
}
Here is the command and output for running with the default security policy:
/java/re/j2se/1.5/archive/fcs/binaries/solaris-sparc/bin/java -Djava.security.manager -classpath . TimeZoneTest
Exception in thread "main" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.util.calendar)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:574)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1538)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1460)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1693)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
at TimeZoneTest.main(TimeZoneTest.java:14)