JDK-8151070

Unable to execute trusted code from Java Web Start application using Nashorn script engine


    • x86
    • windows_10

      FULL PRODUCT VERSION :
      java version "1.8.0_74"
      Java(TM) SE Runtime Environment (build 1.8.0_74-b02)
      Java HotSpot(TM) 64-Bit Server VM (build 25.74-b02, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 10.0.10586]

      A DESCRIPTION OF THE PROBLEM :
      We are unable to call privileged code in a trusted JWS application in JRE 8 from the Nashorn script engine. After upgrading to JRE 1.8, our Pivot applications deployed using JWS started showing a security warning and exceptions; details are described here: https://issues.apache.org/jira/browse/PIVOT-965
       
      I created a simple testing application to examine the problem: https://github.com/kaja78/jnlpScripting
       
      It seems that the core of the problem is in calling privileged methods from the Nashorn ScriptEngine in JRE 1.8 (which replaced Nashorn in JRE 1.7). The problem can be observed in the non-Pivot testing application https://github.com/kaja78/jnlpScripting/blob/master/jnlpScripting/src/org/kh/jnlpScripting/Main.java. The call to doPrivilegedAction() from Java code works as expected; when called from the ScriptEngine, it shows a security dialog (when trying to create an HTTPConnection) and throws a SecurityException (when trying to change the value of a private field using reflection).
       
      When running the same application from JRE 1.7, or adding Rhino script engine jars to the JNLP file, everything works as expected.

      REGRESSION. Last worked in version 7u80

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Build the testing app and launch it using jnlpScripting.jnlp.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Error stack trace in Java Web Start Console.
      ACTUAL -
      Using script engine: jdk.nashorn.api.scripting.NashornScriptEngine
      Executing doPrivilegedAction() from java code.
      Connected using HTTP. Content length: 120
      Value of private field changed.
      Executing doPrivilegedAction() from ScriptEngine.
      Connected using HTTP. Content length: 120
      java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(Unknown Source)
      at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
      at org.kh.jnlpScripting.PrivilegedActions.changeValueOfPrivateField(PrivilegedActions.java:17)
      at org.kh.jnlpScripting.Main.doPrivilegedAction(Main.java:35)
      at jdk.nashorn.internal.scripts.Script$3$\^eval\_.:program(<eval>:1)
      at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:623)
      at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
      at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
      at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:446)
      at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:403)
      at jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:399)
      at jdk.nashorn.api.scripting.NashornScriptEngine.eval(NashornScriptEngine.java:155)
      at javax.script.AbstractScriptEngine.eval(Unknown Source)
      at org.kh.jnlpScripting.Main.main(Main.java:26)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at com.sun.javaws.Launcher.executeApplication(Unknown Source)
      at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
      at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
      at com.sun.javaws.Launcher.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)


      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
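      import javax.script.ScriptEngine;
      import javax.script.ScriptEngineManager;

      // Excerpt from Main.java of the test project; NASHORN_COMPAT_SCRIPT and
      // doPrivilegedAction() are not shown in this excerpt.
      public static void main(String[] args) {
          Main main = new Main();
          ScriptEngine scriptEngine = new ScriptEngineManager().getEngineByName("javascript");
          System.out.println("Using script engine: " + scriptEngine.getClass().getName());
          // Expose the Java object to scripts under the name "main".
          scriptEngine.put("main", main);

          // Case 1: only application frames are on the call stack.
          System.out.println("Executing doPrivilegedAction() from java code.");
          try {
              main.doPrivilegedAction();
          } catch (Exception e) {
              e.printStackTrace();
          }

          // Case 2: the same method, reached through a script frame.
          System.out.println("Executing doPrivilegedAction() from ScriptEngine.");
          try {
              scriptEngine.eval(NASHORN_COMPAT_SCRIPT);
              scriptEngine.eval("main.doPrivilegedAction()");
          } catch (Exception e) {
              e.printStackTrace();
          }
      }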
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Deploy signed Rhino script engine libraries as part of the Java Web Start application.

            herrick Andy Herrick (Inactive)
            webbuggrp Webbug Group
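
Added example, not part of the report or of the JDK sources: a self-contained sketch of the stack-based check behind the AccessControlException in the trace above, where a permission must be implied by every protection domain on the call stack unless trusted code bounds the walk with AccessController.doPrivileged. The class and method names are hypothetical, the permissive Policy and the empty ProtectionDomain are constructed stand-ins for the signed application and for the script frame, and the code targets the Java 8 security APIs (deprecated in later JDKs).

```java
import java.lang.reflect.ReflectPermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class StackWalkDemo {
    static final Permission PERM = new ReflectPermission("suppressAccessChecks");

    // The same check that AccessibleObject.setAccessible triggers under a security manager.
    static String check() {
        try {
            AccessController.checkPermission(PERM);
            return "granted";
        } catch (AccessControlException e) {
            return "denied";
        }
    }

    // Trusted code that performs the check with its callers still on the stack.
    static String unwrapped() { return check(); }

    // Trusted code that asserts its own privileges, so the walk stops at this frame.
    static String wrapped() {
        return AccessController.doPrivileged((PrivilegedAction<String>) StackWalkDemo::check);
    }

    public static void main(String[] args) {
        // Assumption: every policy-backed domain is fully trusted, like a signed all-permissions app.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        // Constructed stand-in for the script frame: a domain with an empty static permission set.
        AccessControlContext script = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
        PrivilegedAction<String> plain = StackWalkDemo::unwrapped;
        PrivilegedAction<String> guarded = StackWalkDemo::wrapped;
        System.out.println("direct call, unwrapped: " + unwrapped());
        System.out.println("via script, unwrapped:  " + AccessController.doPrivileged(plain, script));
        System.out.println("via script, wrapped:    " + AccessController.doPrivileged(guarded, script));
    }
}
```

Only the unwrapped call made through the restricted context is refused; a doPrivileged block should cover just the narrow operation that needs the permission, since it lets less-trusted callers reach it.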