Details
-
Bug
-
Status: Resolved
-
P3
-
Resolution: Fixed
-
6, 7, 8
-
b01
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8163702 | 8u121 | Artem Kosarev | P3 | Resolved | Fixed | b01 |
| JDK-8167828 | emb-8u121 | Gary Adams | P3 | Resolved | Fixed | b01 |
Description
If I use getProviders method from java.security.Security class with Security manager, I would have to specify following permissions:
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
};
Same is applicable to addProvider method.
That is, above mentioned permissions should be added to the SecurityPermission("insertProvider."+provider.getName()) mentioned in the specification.
Those additional permissions are present in java.policy file stored inside JDK. But it looks rather strange to me that simple request to getProviders would work only if I explicitly allow to load full list of providers.
This problem can be identified only if we switch-off usage of policy file declared in standard JDK. To do so, we need to call java like the following:
<JDK_path>/bin/java -Djava.security.manager -Dpolicy==<policy_file>
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
};
Same is applicable to addProvider method.
That is, above mentioned permissions should be added to the SecurityPermission("insertProvider."+provider.getName()) mentioned in the specification.
Those additional permissions are present in java.policy file stored inside JDK. But it looks rather strange to me that simple request to getProviders would work only if I explicitly allow to load full list of providers.
This problem can be identified only if we switch-off usage of policy file declared in standard JDK. To do so, we need to call java like the following:
<JDK_path>/bin/java -Djava.security.manager -Dpolicy==<policy_file>
Attachments
Issue Links
- backported by
-
JDK-8163702 Some methods of java.security.Security require more permissions, than necessary
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Resolved
-