Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6950735

Got security dialog while running a groovy script

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: P4 P4
    • 7-pool
    • 6u20
    • deploy

      J2SE Version (please include all output from java -version flag):

      java version "1.6.0_20"
      Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
      Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)

      Does this problem occur on J2SE 1.4.x or 5.0.x ? Yes / No (pick one)

      N/A

      Operating System Configuration Information (be specific):
      Windows Vista Business SP2

      Hardware Configuration Information (be specific):
      HP Pavillion dv9000
      Windows Vista Business SP1 32 bit
      3 GB RAM
      Intel Core 2 Duo T9300



      Bug Description:

      Hey guys, I got a tricky one for you. It is not too critical, but something you should know about.

      The "error" I am reporting is that I get presented a security dialog when I don't think I should.

      The situation is a bit complicated. I am running a groovy script from within my webstart launched application. However, I had to jump through a few hoops to restrict the groovy script's access to the system. One of those hoops is this:

      protected void execute() {
      <snip>
      AccessController.doPrivileged(action, new AccessControlContext(new ProtectionDomain[]{
      new ProtectionDomain(new CodeSource(null, (Certificate[]) null), createPermissions())
      }));
      <snip>
      }

      private static Permissions createPermissions() {
      Permissions ps = new Permissions();
      ps.add(new GroovyCodeSourcePermission(GROOVY_CODE_SOURCE_STRING));
      ps.add(new FilePermission("<<ALL FILES>>", "read"));
      ps.add(new FilePermission("<<ALL FILES>>", "write"));
      ps.add(new FilePermission("<<ALL FILES>>", "execute"));
      ps.add(new RuntimePermission("accessDeclaredMembers"));
      return ps;
      }

      I believe that the jar file is checked in this thread, but because of the access restriction it brings up a warning dialog.

      It also seems a bit odd to me that this is happening at this time since some classes in the groovy-all.jar file have already been accessed by this point.

      Saying "no" in the dialog seems to have no effect on the script and it still runs correctly.


      Steps to Reproduce (be specific):

      For this stack trace, I said "no" in the security dialog to force the error. I also had some tracing going on, so what the other output is from. I just copied some stuff from my console. Since the trace logs are not timestamped, I couldn't really tell which trace messages where relevant.

      security: JAVAWS AppPolicy Permission requested for: http://frisky.dev.donnell.com:8409/JViewer/lib/other/groovy-all.jar
      security: Istrusted: http://frisky.dev.donnell.com:8409/JViewer/jnlp/viewer.jnlp true
       11:01:23[00003:-1] dsi.ext.documentadmin.client.criteria.groovy.ActRunGroovy.execute(ActRunGroovy.java:64)Security Manager is class com.sun.javaws.security.JavaWebStartSecurity
      network: Connecting http://frisky.dev.donnell.com/crossdomain.xml with proxy=DIRECT
      network: Connecting socket://frisky.dev.donnell.com:80 with proxy=DIRECT
      java.security.PrivilegedActionException: java.net.ConnectException: Connection refused: connect
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
      at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
      at com.sun.javaws.security.JavaWebStartSecurity.checkConnect(Unknown Source)
      at com.sun.deploy.security.DeployURLClassPath.check(Unknown Source)
      at com.sun.deploy.security.DeployURLClassPath.checkURL(Unknown Source)
      at java.net.URLClassLoader$3.next(Unknown Source)
      at java.net.URLClassLoader$3.hasMoreElements(Unknown Source)
      at sun.misc.CompoundEnumeration.next(Unknown Source)
      at sun.misc.CompoundEnumeration.hasMoreElements(Unknown Source)
      at sun.misc.CompoundEnumeration.next(Unknown Source)
      at sun.misc.CompoundEnumeration.hasMoreElements(Unknown Source)
      at sun.misc.CompoundEnumeration.next(Unknown Source)
      at sun.misc.CompoundEnumeration.hasMoreElements(Unknown Source)
      at org.codehaus.groovy.transform.ASTTransformationVisitor.doAddGlobalTransforms(ASTTransformationVisitor.java:196)
      at org.codehaus.groovy.transform.ASTTransformationVisitor.addGlobalTransforms(ASTTransformationVisitor.java:188)
      at org.codehaus.groovy.transform.ASTTransformationVisitor.addPhaseOperations(ASTTransformationVisitor.java:151)
      at org.codehaus.groovy.control.CompilationUnit.<init>(CompilationUnit.java:183)
      at org.codehaus.groovy.control.CompilationUnit.<init>(CompilationUnit.java:112)
      at groovy.lang.GroovyClassLoader.createCompilationUnit(GroovyClassLoader.java:456)
      at dsi.ext.documentadmin.client.criteria.groovy.SecureGroovyClassLoader.createCompilationUnit(SecureGroovyClassLoader.java:58)
      at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:279)
      at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:262)
      at dsi.ext.documentadmin.client.criteria.groovy.ActRunGroovy$RunGroovy.loadUtilsClass(ActRunGroovy.java:118)
      at dsi.ext.documentadmin.client.criteria.groovy.ActRunGroovy$RunGroovy.run(ActRunGroovy.java:124)
      at dsi.ext.documentadmin.client.criteria.groovy.ActRunGroovy$RunGroovy.run(ActRunGroovy.java:98)
      at java.security.AccessController.doPrivileged(Native Method)
      at dsi.ext.documentadmin.client.criteria.groovy.ActRunGroovy.execute(ActRunGroovy.java:76)
      at dsi.client.request.AbstractRequest.processBackground(AbstractRequest.java:562)
      at dsi.client.request.AbstractRequest.call(AbstractRequest.java:170)
      at dsi.client.request.AbstractRequest.call(AbstractRequest.java:26)
      at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at dsi.client.request.FutureAction.run(FutureAction.java:27)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Caused by: java.net.ConnectException: Connection refused: connect
      at java.net.PlainSocketImpl.socketConnect(Native Method)
      at java.net.PlainSocketImpl.doConnect(Unknown Source)
      at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
      at java.net.PlainSocketImpl.connect(Unknown Source)
      at java.net.SocksSocketImpl.connect(Unknown Source)
      at java.net.Socket.connect(Unknown Source)
      at java.net.Socket.connect(Unknown Source)
      at sun.net.NetworkClient.doConnect(Unknown Source)
      at sun.net.www.http.HttpClient.openServer(Unknown Source)
      at sun.net.www.http.HttpClient.openServer(Unknown Source)
      at sun.net.www.http.HttpClient.&lt;init&gt;(Unknown Source)
      at sun.net.www.http.HttpClient.New(Unknown Source)
      at sun.net.www.http.HttpClient.New(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
      at com.sun.deploy.net.CrossDomainXML$2.run(Unknown Source)
      ... 37 more

            herrick Andy Herrick (Inactive)
            tyao Ting-Yun Ingrid Yao (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: