In 8u25, it seems that if our application ClassLoader is involved in the Permission check of a web font, then we need to grant "AllPermissions" to our application code to get this to work with the security manager on. It it not acceptable for us to grant this to the code that launches the WebView.
For example, go here "http://fortawesome.github.io/Font-Awesome/icons/"
The web font works fine with security manager off; but it shows the wrong font when the security manager is on (unless we add grant AllPermissions to our appliction).
Here is the security manager debug; we are told that we need to add entry for our "testTest.jar" module which launches the browser (this is an unacceptable thing for us to add to our application):
access: access denied ("java.security.AllPermission" "<all permissions>" "<all actions>")
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1329)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.sun.javafx.application.PlatformImpl.isSupported(PlatformImpl.java:481)
at javafx.application.Platform.isSupported(Platform.java:166)
at javafx.scene.Scene.<init>(Scene.java:329)
at javafx.scene.Scene.<init>(Scene.java:181)
at test.workbench.SimpleSwingBrowser$2.run(SimpleSwingBrowser.java:201)
at com.sun.javafx.application.PlatformImpl.lambda$null$164(PlatformImpl.java:292)
at com.sun.javafx.application.PlatformImpl$$Lambda$107/605914852.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.javafx.application.PlatformImpl.lambda$runLater$165(PlatformImpl.java:291)
at com.sun.javafx.application.PlatformImpl$$Lambda$106/677804791.run(Unknown Source)
at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)
at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at com.sun.glass.ui.win.WinApplication.lambda$null$141(WinApplication.java:102)
at com.sun.glass.ui.win.WinApplication$$Lambda$98/1683068293.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: access allowed ("java.io.FilePermission" "D:\niagara\r40\niagara_home\modules\testTest.jar" "read")
access: domain that failed ProtectionDomain (file:/d:/niagara/r40/niagara_home/modules/testTest.jar <no signer certificates>)
com.tridium.sys.module.ModuleClassLoader for testTest-Tridium-4.0.1 [sc798w]
<no principals>
java.security.Permissions@177667e5 (
("java.io.FilePermission" "C:\Users\e333930\AppData\Local\Temp\\-" "read,write,delete")
("java.io.FilePermission" "<<ALL FILES>>" "read,write")
(unresolved java.lang.NetPermission getCookieHandler null)
("java.net.SocketPermission" "localhost:0" "listen,resolve")
("java.net.SocketPermission" "*:1-100000" "connect,resolve")
("java.util.logging.LoggingPermission" "control")
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "java.version" "read")
("java.util.PropertyPermission" "os.arch" "read")
("java.util.PropertyPermission" "java.specification.vendor" "read")
("java.util.PropertyPermission" "java.vm.specification.name" "read")
("java.util.PropertyPermission" "*" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "file.separator" "read")
("java.util.PropertyPermission" "line.separator" "read")
("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
("java.util.PropertyPermission" "java.specification.name" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
("java.util.PropertyPermission" "java.vendor" "read")
("java.util.PropertyPermission" "java.vm.version" "read")
("java.util.PropertyPermission" "java.vm.name" "read")
("java.util.PropertyPermission" "java.vm.specification.version" "read")
("java.util.PropertyPermission" "os.name" "read")
("java.util.PropertyPermission" "java.class.version" "read")
("java.lang.RuntimePermission" "accessDeclaredMembers")
("java.lang.RuntimePermission" "accessClassInPackage.sun.util.logging.resources")
("java.lang.RuntimePermission" "exitVM.0")
("java.lang.RuntimePermission" "stopThread")
("java.awt.AWTPermission" "accessClipboard")
("java.awt.AWTPermission" "showWindowWithoutWarningBanner")
)
For example, go here "http://fortawesome.github.io/Font-Awesome/icons/"
The web font works fine with security manager off; but it shows the wrong font when the security manager is on (unless we add grant AllPermissions to our appliction).
Here is the security manager debug; we are told that we need to add entry for our "testTest.jar" module which launches the browser (this is an unacceptable thing for us to add to our application):
access: access denied ("java.security.AllPermission" "<all permissions>" "<all actions>")
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1329)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.sun.javafx.application.PlatformImpl.isSupported(PlatformImpl.java:481)
at javafx.application.Platform.isSupported(Platform.java:166)
at javafx.scene.Scene.<init>(Scene.java:329)
at javafx.scene.Scene.<init>(Scene.java:181)
at test.workbench.SimpleSwingBrowser$2.run(SimpleSwingBrowser.java:201)
at com.sun.javafx.application.PlatformImpl.lambda$null$164(PlatformImpl.java:292)
at com.sun.javafx.application.PlatformImpl$$Lambda$107/605914852.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.javafx.application.PlatformImpl.lambda$runLater$165(PlatformImpl.java:291)
at com.sun.javafx.application.PlatformImpl$$Lambda$106/677804791.run(Unknown Source)
at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)
at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at com.sun.glass.ui.win.WinApplication.lambda$null$141(WinApplication.java:102)
at com.sun.glass.ui.win.WinApplication$$Lambda$98/1683068293.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: access allowed ("java.io.FilePermission" "D:\niagara\r40\niagara_home\modules\testTest.jar" "read")
access: domain that failed ProtectionDomain (file:/d:/niagara/r40/niagara_home/modules/testTest.jar <no signer certificates>)
com.tridium.sys.module.ModuleClassLoader for testTest-Tridium-4.0.1 [sc798w]
<no principals>
java.security.Permissions@177667e5 (
("java.io.FilePermission" "C:\Users\e333930\AppData\Local\Temp\\-" "read,write,delete")
("java.io.FilePermission" "<<ALL FILES>>" "read,write")
(unresolved java.lang.NetPermission getCookieHandler null)
("java.net.SocketPermission" "localhost:0" "listen,resolve")
("java.net.SocketPermission" "*:1-100000" "connect,resolve")
("java.util.logging.LoggingPermission" "control")
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "java.version" "read")
("java.util.PropertyPermission" "os.arch" "read")
("java.util.PropertyPermission" "java.specification.vendor" "read")
("java.util.PropertyPermission" "java.vm.specification.name" "read")
("java.util.PropertyPermission" "*" "read")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "file.separator" "read")
("java.util.PropertyPermission" "line.separator" "read")
("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
("java.util.PropertyPermission" "java.specification.name" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
("java.util.PropertyPermission" "java.vendor" "read")
("java.util.PropertyPermission" "java.vm.version" "read")
("java.util.PropertyPermission" "java.vm.name" "read")
("java.util.PropertyPermission" "java.vm.specification.version" "read")
("java.util.PropertyPermission" "os.name" "read")
("java.util.PropertyPermission" "java.class.version" "read")
("java.lang.RuntimePermission" "accessDeclaredMembers")
("java.lang.RuntimePermission" "accessClassInPackage.sun.util.logging.resources")
("java.lang.RuntimePermission" "exitVM.0")
("java.lang.RuntimePermission" "stopThread")
("java.awt.AWTPermission" "accessClipboard")
("java.awt.AWTPermission" "showWindowWithoutWarningBanner")
)
- relates to
-
JDK-8091308 Define fine-grained permissions for JavaFX
-
- Resolved
-