Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8154009

Some methods of java.security.Security require more permissions, than necessary

    XMLWordPrintable

Details

    Backports

      Description

        If I use getProviders method from java.security.Security class with Security manager, I would have to specify following permissions:

        grant codeBase "file:${{java.ext.dirs}}/*" {
                permission java.lang.RuntimePermission "loadLibrary.*";
                permission java.io.FilePermission "<<ALL FILES>>", "read";
                permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
        };

        Same is applicable to addProvider method.
        That is, above mentioned permissions should be added to the SecurityPermission("insertProvider."+provider.getName()) mentioned in the specification.

        Those additional permissions are present in java.policy file stored inside JDK. But it looks rather strange to me that simple request to getProviders would work only if I explicitly allow to load full list of providers.

        This problem can be identified only if we switch-off usage of policy file declared in standard JDK. To do so, we need to call java like the following:
        <JDK_path>/bin/java -Djava.security.manager -Dpolicy==<policy_file>

        Attachments

          Issue Links

            Activity

              People

                akosarev Artem Kosarev (Inactive)
                akosarev Artem Kosarev (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: