JDK-8075305

ConfigFile's Spi parseLoginEntry uses toUpperCase with no locale on controlFlags


    • b71
    • 8
    • x86_64
    • windows_7

      FULL PRODUCT VERSION :
      1.8.0_31

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Turkish language

      A DESCRIPTION OF THE PROBLEM :
      When changing security file implementations from Java 7 to 8, ConfigFile's Spi class introduces an OS-language-specific bug when parsing controlFlags.

      This is specifically on OpenJDK's line 454 of sun.security.provider.ConfigFile.java

      The problem is the .toUpperCase, which is provided no Locale. This specifically poses a problem in Turkish systems, where the Turkish locale will uppercase 'i' to 'İ'.

      The larger stack trace is:
      java.lang.SecurityException: java.io.IOException: Configuration Error:
      Invalid control flag, REQUİRED
      at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:98)
      ...

      This issue can be addressed by ensuring that we upper case with the English locale, since the values we are comparing against are in English.

      REGRESSION. Last worked in version 7u65

      ADDITIONAL REGRESSION INFORMATION:
      1.7.0_60

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1) Create a Turkish-based Windows OS
      2) Create a security config file with a property that is "required"
      3) Attempt to use sun auth with that config file

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The property should be properly read
      ACTUAL -
      The property is not properly read, and the following is thrown:
      java.lang.SecurityException: java.io.IOException: Configuration Error:
      Invalid control flag, REQUİRED
      at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:98)

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      java.lang.SecurityException: java.io.IOException: Configuration Error:
      Invalid control flag, REQUİRED
      at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:98)

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      You'll need to create something that uses sun auth with a config file. No easy solutions for this on hand, but you can look at Jaas for doing this.
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None currently for our environment.

            mullan Sean Mullan
            webbuggrp Webbug Group