JDK-6945321

trusted-library manifest attribute can't load unsigned code without warning.

    • x86
    • generic

      FULL PRODUCT VERSION :
      java version "1.6.0_20"
      Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
      Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7600]

      A DESCRIPTION OF THE PROBLEM :
      I was told that when using the trusted-library=true option in the manifest for our main class, it would be possible to use non-signed jars from extensions by using Class.forName with the context classloader. I tried this by using this code:

      ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
      Debug.error("plugin class:" + clazzName.trim() + " is trying to be loaded through the context classloader: " + contextClassLoader +
          " in the thread: " + Thread.currentThread().getName() + " trusted classloader is: " + getClass().getClassLoader());
      loadClientPlugin(Class.forName(clazzName.trim(), true, contextClassLoader));

      But that still shows the mixed code dialog:

      thread: pool-1-thread-1 trusted classloader is: com.sun.jnlp.JNLPClassLoader@188d92e
      ERROR - Debug - Error occured loading client plugin class com.servoy.extensions.plugins.scheduler.SchedulerPlugin, error: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://localhost:8080/plugins/scheduler.jar
      ERROR - Debug - Throwable
      java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://localhost:8080/plugins/scheduler.jar
          at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
          at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
          at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
          at java.net.URLClassLoader$1.run(Unknown Source)
          at java.security.AccessController.doPrivileged(Native Method)
          at java.net.URLClassLoader.findClass(Unknown Source)
          at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
          at java.lang.ClassLoader.loadClass(Unknown Source)
          at java.lang.ClassLoader.loadClass(Unknown Source)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Unknown Source)
          at com.servoy.j2db.plugins.PluginManager.loadClientPlugins(Unknown Source)

      I got the source of the u20 build and I think that it is this code that is run (from class CPCallbackHandler$ParentCallback):

      private synchronized void check(URL url, boolean trusted) {
          boolean maybeTrustedChild = trustedChild;
          boolean maybeUntrustedChild = untrustedChild;
          if (!trusted && trustedOnly) {
              throw new SecurityException("Trusted-Only loader attempted to load sandboxed resource from " + url);
          }
          if (trusted) {
              maybeTrustedChild = true;
          } else {
              maybeUntrustedChild = true;
          }
          if (maybeTrustedChild && maybeUntrustedChild) {
              String msg = checkAllowed(url, maybeTrustedChild && trustedChild);
              if (msg != null) {
                  throw new SecurityException(msg);
              }

      So for me this is true:
      if (maybeTrustedChild && maybeUntrustedChild)

      Then it goes into checkAllowed:

      private String checkAllowed(URL url, boolean wasTrusted) {
          if (checkMixedTrust) {
              int result = showMixedTrustDialog();
              if (result == UIFactory.CANCEL) {
                  allowMixedTrust = true;
              }
              checkMixedTrust = false;
          }
          if (!allowMixedTrust) {
              if (wasTrusted) {
                  return "trusted loader attempted to load sandboxed resource from " + url;
              } else {
                  return "sandboxed loader attempted to load trusted resource from " + url;
              }
          }
          return null;
      }
      }

      With wasTrusted == true,

      and then checkMixedTrust is true because I have the default config setting:

      private ParentCallback() {
          if (Config.getMixcodeValue() == Config.MIXCODE_ENABLE) {
              checkMixedTrust = true;
          }

      So if it comes into checkAllowed() then it will always show me the dialog when I have the default setting.

      So either I don't have to get into that checkAllowed method, but then the 2 booleans shouldn't somehow be true in my case,
      or checkAllowed shouldn't know that it is a trusted-lib that calls an untrusted class through its own classloader and that should be allowed...

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      A signed jar with a trusted-library manifest entry should be able to load unsigned content when it chooses to do it through Class.forName and a special classloader.
      ACTUAL -
      Still the dialog is shown.

      REPRODUCIBILITY :
      This bug can be reproduced always.

      SUPPORT :
      YES

      Release Regression From : 6u18
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

            herrick Andy Herrick (Inactive)
            ndcosta Nelson Dcosta (Inactive)
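
Added example (not part of the original report and not JDK code): a small Java audit that lists which jars of a deployment carry a signature file and the Trusted-Library manifest attribute, and flags the signed/unsigned mix that the stack trace above shows being checked. The class name MixedCodeAudit, the jar name app.jar and both sample jars are constructed here; the META-INF/*.SF test is a heuristic and does not verify any signature.

```java
import java.io.*;
import java.util.*;
import java.util.jar.*;

public class MixedCodeAudit {
    // Heuristic: a META-INF/*.SF entry marks a jar as signed; the signature is NOT verified.
    static boolean looksSigned(byte[] jar) throws IOException {
        try (JarInputStream in = new JarInputStream(new ByteArrayInputStream(jar), false)) {
            for (JarEntry e; (e = in.getNextJarEntry()) != null; ) {
                String n = e.getName().toUpperCase(Locale.ROOT);
                if (n.startsWith("META-INF/") && n.endsWith(".SF")) return true;
            }
        }
        return false;
    }
    // Reads the main manifest section and reports whether Trusted-Library is set to true.
    static boolean trustedLibrary(byte[] jar) throws IOException {
        try (JarInputStream in = new JarInputStream(new ByteArrayInputStream(jar), false)) {
            Manifest mf = in.getManifest();
            return mf != null
                && "true".equalsIgnoreCase(mf.getMainAttributes().getValue("Trusted-Library"));
        }
    }
    // One line per jar, plus a MIXED line when signed and unsigned jars are deployed together.
    static List<String> audit(Map<String, byte[]> jars) throws IOException {
        List<String> out = new ArrayList<>();
        boolean signed = false, unsigned = false;
        for (Map.Entry<String, byte[]> j : jars.entrySet()) {
            boolean s = looksSigned(j.getValue());
            if (s) signed = true; else unsigned = true;
            out.add(j.getKey() + ": " + (s ? "signed" : "UNSIGNED")
                + ", Trusted-Library=" + trustedLibrary(j.getValue()));
        }
        if (signed && unsigned) out.add("MIXED: signed and unsigned jars in one deployment");
        return out;
    }
    // Constructed sample jar, built in memory (the .SF entry is an empty placeholder).
    static byte[] sample(boolean trustedLib, boolean signed) throws IOException {
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        if (trustedLib) mf.getMainAttributes().putValue("Trusted-Library", "true");
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream jo = new JarOutputStream(buf, mf)) {
            if (signed) { jo.putNextEntry(new JarEntry("META-INF/SAMPLE.SF")); jo.closeEntry(); }
            jo.putNextEntry(new JarEntry("Plugin.class")); jo.closeEntry();
        }
        return buf.toByteArray();
    }
    public static void main(String[] args) throws IOException {
        Map<String, byte[]> jars = new LinkedHashMap<>();
        jars.put("app.jar", sample(true, true));         // signed main jar (constructed)
        jars.put("scheduler.jar", sample(false, false)); // unsigned plugin jar (constructed)
        audit(jars).forEach(System.out::println);
    }
}
```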