RFR(M) 8189116: Give the jdk.internal.vm.compiler.management only the permissions it really needs to expose the bean
Sean Mullan
sean.mullan at oracle.com
Tue Nov 14 20:02:43 UTC 2017
Try running with -Djava.security.debug=access:domain:failure
This will tell you what ProtectionDomain caused the
AccessControlException, which should give you a better idea of where the
problem is. Look for messages that start with "domain that failed ".
--Sean
On 11/14/17 1:22 AM, Jaroslav Tulach wrote:
> I tried the same test with
>
> changeset: 47679:d85284ccd1bd
> user: sspitsyn
> date: Fri Nov 03 17:09:25 2017 -0700
> summary: 8189731: Disable CFLH when there are no transformers
>
> and it also yields the exception. E.g. the problem is certainly not result of
> my changes.
>
> -jt
>
> PS: I try full rebuild on d85284ccd1bd maybe it disappears...
>
>
> On pondělí 13. listopadu 2017 20:53:35 CET Jaroslav Tulach wrote:
>> Hello Mandy,
>>
>> this was a good test:
>>>> ./build/linux-x64/jdk/bin/java -XX:+UnlockExperimentalVMOptions -XX:
>>>> +EnableJVMCI -XX:+UseJVMCICompiler -jar ...
>>>
>>> You can also try running the above command with -Djava.security.manager
>>> as a sanity test (the application may need additional permissions) -
>>> just a sanity test.
>>
>> I've just tried:
>>
>> $ ./build/linux-x64/jdk/bin/java -XX:+UnlockExperimentalVMOptions -XX:
>> +EnableJVMCI -XX:+UseJVMCICompiler -Djava.security.manager -jar ~/
>> NetBeansProjects/sieve/java/algorithm/target/sieve-algorithm-1.0-SNAPSHOT.ja
>> r
>>
>> and it doesn't work. I am getting an error below, however the code is not
>> running through my module at all. I don't understand the failure, I will
>> have to investigate more.
>>
>> -jt
>>
>>
>> Caused by: java.security.AccessControlException: access denied
>> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.vm.ci.services")
>> at java.base/
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java
>> : 472)
>> at java.base/
>> java.security.AccessController.checkPermission(AccessController.java:895)
>> at java.base/
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
>> at java.base/
>> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534)
>> at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:680)
>> at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:678)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at java.base/
>> java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:678)
>> at java.base/java.lang.ClassLoader.defineClass1(Native Method)
>> at
>> java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1006) at
>> java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1085) at
>> java.base/
>> java.security.SecureClassLoader.defineClass(SecureClassLoader.java:206)
>> at java.base/
>> jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:7
>> 60) at java.base/jdk.internal.loader.BuiltinClassLoader.lambda
>> $findClassInModuleOrNull$2(BuiltinClassLoader.java:683)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at java.base/
>> jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(BuiltinClassL
>> oader.java: 684)
>> at java.base/
>> jdk.internal.loader.BuiltinClassLoader.findClass(BuiltinClassLoader.java:562
>> ) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:607) at
>> java.base/java.lang.Class.forName(Class.java:451)
>> at java.base/java.util.ServiceLoader.lambda$loadProvider
>> $1(ServiceLoader.java:856)
>> at java.base/java.security.AccessController.doPrivileged(Native
>> Method)
>> at
>> java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java: 858)
>
>
More information about the core-libs-dev
mailing list