-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
9
-
None
-
generic
-
generic
the JCA framework still supports registration of security Providers via legacy mode which uses the classname/classpath approach.
noticed that a few of the providers that ship in the JDK don't load correctly in this mode. Stumbled across this while working onJDK-8155246
ProviderConfig: Error loading legacy provider sun.security.jgss.SunProvider
java.security.PrivilegedActionException: java.lang.IllegalAccessException: class sun.security.jca.ProviderConfig$ProviderLoader$1 (in module java.base) cannot access class sun.security.jgss.SunProvider (in module java.security.jgss) because module java.security.jgss does not export sun.security.jgss to module java.base
at java.base/java.security.AccessController.doPrivileged(AccessController.java:575)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.legacyLoad(ProviderConfig.java:404)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.load(ProviderConfig.java:369)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:254)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:319)
at java.base/sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:248)
at java.base/sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:226)
at java.base/sun.security.jca.ProviderList.loadAll(ProviderList.java:319)
at java.base/sun.security.jca.ProviderList.removeInvalid(ProviderList.java:336)
at java.base/sun.security.jca.Providers.getFullProviderList(Providers.java:186)
at java.base/java.security.Security.getProviders(Security.java:437)
===
ProviderConfig: Loading legacy provider: com.sun.security.sasl.Provider
ProviderConfig: Error loading legacy provider com.sun.security.sasl.Provider
java.security.PrivilegedActionException: java.lang.IllegalAccessException: class sun.security.jca.ProviderConfig$ProviderLoader$1 (in module java.base) cannot access class com.sun.security.sasl.Provider (in module java.security.sasl) because module java.security.sasl does not export com.sun.security.sasl to module java.base
at java.base/java.security.AccessController.doPrivileged(AccessController.java:575)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.legacyLoad(ProviderConfig.java:404)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.load(ProviderConfig.java:369)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:254)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
======
copy of the java.security properties file that's used in such scenario:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ssl.SunJSSE
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
noticed that a few of the providers that ship in the JDK don't load correctly in this mode. Stumbled across this while working on
ProviderConfig: Error loading legacy provider sun.security.jgss.SunProvider
java.security.PrivilegedActionException: java.lang.IllegalAccessException: class sun.security.jca.ProviderConfig$ProviderLoader$1 (in module java.base) cannot access class sun.security.jgss.SunProvider (in module java.security.jgss) because module java.security.jgss does not export sun.security.jgss to module java.base
at java.base/java.security.AccessController.doPrivileged(AccessController.java:575)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.legacyLoad(ProviderConfig.java:404)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.load(ProviderConfig.java:369)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:254)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:319)
at java.base/sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:248)
at java.base/sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:226)
at java.base/sun.security.jca.ProviderList.loadAll(ProviderList.java:319)
at java.base/sun.security.jca.ProviderList.removeInvalid(ProviderList.java:336)
at java.base/sun.security.jca.Providers.getFullProviderList(Providers.java:186)
at java.base/java.security.Security.getProviders(Security.java:437)
===
ProviderConfig: Loading legacy provider: com.sun.security.sasl.Provider
ProviderConfig: Error loading legacy provider com.sun.security.sasl.Provider
java.security.PrivilegedActionException: java.lang.IllegalAccessException: class sun.security.jca.ProviderConfig$ProviderLoader$1 (in module java.base) cannot access class com.sun.security.sasl.Provider (in module java.security.sasl) because module java.security.sasl does not export com.sun.security.sasl to module java.base
at java.base/java.security.AccessController.doPrivileged(AccessController.java:575)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.legacyLoad(ProviderConfig.java:404)
at java.base/sun.security.jca.ProviderConfig$ProviderLoader.load(ProviderConfig.java:369)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:254)
at java.base/sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:248)
======
copy of the java.security properties file that's used in such scenario:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ssl.SunJSSE
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
- relates to
-
JDK-8155246 Throw error if default java.security file is missing
-
- Resolved
-