Source file launch with security manager enabled fails

Jaikiran Pai jai.forums2013 at gmail.com
Thu Feb 3 13:01:40 UTC 2022 

I'm unsure if core-libs is the right place for this or compiler-dev, 
sending this to core-libs for now.

Please consider this trivial Java source file:

public class HelloWorld {
     public static void main(final String[] args) throws Exception {
         System.out.println("Hello World");
     }
}

Running this in source file launcher mode as follows:

java HelloWorld.java

returns the expected result. However when running in source file 
launcher mode *and* with security manager enabled, it throws the 
following exception:

java -Djava.security.manager=default HelloWorld.java

WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a 
future release
Exception in thread "main" java.security.AccessControlException: access 
denied ("java.lang.RuntimePermission" 
"accessClassInPackage.jdk.internal.misc")
     at 
java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
     at 
java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
     at 
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
     at 
java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
     at 
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
     at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
     at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)


This happens in Java 17 as well as latest master branch. I haven't 
checked older releases but I guess it's reproducible there too.

Are users expected to use an explicit policy file to add this permission 
in source file launch mode or is this missing an internal doPrivileged 
call in the JDK?

As an additional input, compiling this file first using javac and then 
launching it in traditional mode with security manager enabled works fine:

javac HelloWorld.java

java -Djava.security.manager=default HelloWorld
WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a 
future release
Hello World


-Jaikiran

More information about the core-libs-dev mailing list