Details
-
Bug
-
Resolution: Fixed
-
P3
-
9, 10, 11, 12, 13
-
b12
-
x86_64
-
windows_10
-
Not verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8220782 | 12.0.2 | Sean Mullan | P3 | Resolved | Fixed | b01 |
| JDK-8259879 | 11.0.13-oracle | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
| JDK-8221990 | 11.0.4 | Adam Farley | P3 | Resolved | Fixed | b01 |
Description
ADDITIONAL SYSTEM INFORMATION :
We found the problem in Java 11.0.1 and it is still present 11.0.2. We can reproduce it on Windows 10, didn't try other OS.
Bug is present in early adopter Versions of Java 12 and Java 13.
A DESCRIPTION OF THE PROBLEM :
Running a Java program with a JDK that is addressed with a UNC path, the program fails upon the initialization of the SecurityManager when the default.policy file is loaded.
The reason is in the code for loading the policy file, it ignores the host part of the UNC path and the file is addressed as a local file and therefore cannot be found.
The Problem is in the PolicyUtil class, in the method getInputStream(URL). Here is the method for reference:
/*
* Fast path reading from file urls in order to avoid calling
* FileURLConnection.connect() which can be quite slow the first time
* it is called. We really should clean up FileURLConnection so that
* this is not a problem but in the meantime this fix helps reduce
* start up time noticeably for the new launcher. -- DAC
*/
public static InputStream getInputStream(URL url) throws IOException {
if ("file".equals(url.getProtocol())) {
String path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
return new FileInputStream(path);
} else {
return url.openStream();
}
}
The url.getFile() part ignores the host part of the UNC path.
REGRESSION : Last worked in version 8u202
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Place a JDK on a network device.
2. Create a Java program where the Security Manager is being used. (see executable test case code)
3. Compile the program, place it on your local computer.
4. Run the program using the JDK on the network drive, address it using its UNC name.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program is executed without exception.
ACTUAL -
Exception in thread "main" java.lang.InternalError: Failed to load default.policy
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:553)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:358)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:355)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:355)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:345)
at java.base/sun.security.provider.PolicyFile.<init>(PolicyFile.java:298)
at java.base/java.security.Policy.loadPolicyProvider(Policy.java:207)
at java.base/java.security.Policy.getPolicyNoCheck(Policy.java:178)
at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321)
at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1034)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1324)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
Caused by: java.io.FileNotFoundException: \home\jdk-11\lib\security\default.policy (Das System kann den angegebenen Pfad nicht finden)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:213)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:155)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:110)
at java.base/sun.security.util.PolicyUtil.getInputStream(PolicyUtil.java:60)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:511)
... 17 more
---------- BEGIN SOURCE ----------
// This code should be invoked with a JRE that is located on a network drive addressing it with its UNC name, example call on Windows cmd:
// \\remote.example.com\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
public class PolicyUtilTester
{
public static void main(String[] args){
SecurityManager appsm = System.getSecurityManager();
appsm.checkExit(0);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
If the network drive is mapped, the program can be called this way:
H:\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
In our case this is not a practical solution.
FREQUENCY : always
We found the problem in Java 11.0.1 and it is still present 11.0.2. We can reproduce it on Windows 10, didn't try other OS.
Bug is present in early adopter Versions of Java 12 and Java 13.
A DESCRIPTION OF THE PROBLEM :
Running a Java program with a JDK that is addressed with a UNC path, the program fails upon the initialization of the SecurityManager when the default.policy file is loaded.
The reason is in the code for loading the policy file, it ignores the host part of the UNC path and the file is addressed as a local file and therefore cannot be found.
The Problem is in the PolicyUtil class, in the method getInputStream(URL). Here is the method for reference:
/*
* Fast path reading from file urls in order to avoid calling
* FileURLConnection.connect() which can be quite slow the first time
* it is called. We really should clean up FileURLConnection so that
* this is not a problem but in the meantime this fix helps reduce
* start up time noticeably for the new launcher. -- DAC
*/
public static InputStream getInputStream(URL url) throws IOException {
if ("file".equals(url.getProtocol())) {
String path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
return new FileInputStream(path);
} else {
return url.openStream();
}
}
The url.getFile() part ignores the host part of the UNC path.
REGRESSION : Last worked in version 8u202
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Place a JDK on a network device.
2. Create a Java program where the Security Manager is being used. (see executable test case code)
3. Compile the program, place it on your local computer.
4. Run the program using the JDK on the network drive, address it using its UNC name.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program is executed without exception.
ACTUAL -
Exception in thread "main" java.lang.InternalError: Failed to load default.policy
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:553)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:358)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:355)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:355)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:345)
at java.base/sun.security.provider.PolicyFile.<init>(PolicyFile.java:298)
at java.base/java.security.Policy.loadPolicyProvider(Policy.java:207)
at java.base/java.security.Policy.getPolicyNoCheck(Policy.java:178)
at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321)
at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1034)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1324)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
Caused by: java.io.FileNotFoundException: \home\jdk-11\lib\security\default.policy (Das System kann den angegebenen Pfad nicht finden)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:213)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:155)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:110)
at java.base/sun.security.util.PolicyUtil.getInputStream(PolicyUtil.java:60)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:511)
... 17 more
---------- BEGIN SOURCE ----------
// This code should be invoked with a JRE that is located on a network drive addressing it with its UNC name, example call on Windows cmd:
// \\remote.example.com\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
public class PolicyUtilTester
{
public static void main(String[] args){
SecurityManager appsm = System.getSecurityManager();
appsm.checkExit(0);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
If the network drive is mapped, the program can be called this way:
H:\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
In our case this is not a practical solution.
FREQUENCY : always
Attachments
Issue Links
- backported by
-
JDK-8220782 Program fails when using JDK addressed by UNC path and using Security Manager
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Closed
-
-
JDK-8159752 Grant de-privileged module permissions by default with java.security.policy override option
-
- Closed
-
-
-
- Closed
-
(1 relates to)