Source file launch with security manager enabled fails
Jaikiran Pai
jai.forums2013 at gmail.com
Thu Feb 3 13:32:05 UTC 2022
Thank you Sean for the confirmation. I just filed
https://bugs.openjdk.java.net/browse/JDK-8281217 to track this.
-Jaikiran
On 03/02/22 6:55 pm, Sean Mullan wrote:
> I only took a quick look, but it looks like a bug. The jdk.compiler
> module needs to be granted that permission in the default.policy file.
>
> Please file a bug, or if you like I can file one on your behalf.
>
> Thanks,
> Sean
>
> On 2/3/22 8:01 AM, Jaikiran Pai wrote:
>> I'm unsure if core-libs is the right place for this or compiler-dev,
>> sending this to core-libs for now.
>>
>> Please consider this trivial Java source file:
>>
>> public class HelloWorld {
>>     public static void main(final String[] args) throws Exception {
>>         System.out.println("Hello World");
>>     }
>> }
>>
>> Running this in source file launcher mode as follows:
>>
>> java HelloWorld.java
>>
>> returns the expected result. However when running in source file
>> launcher mode *and* with security manager enabled, it throws the
>> following exception:
>>
>> java -Djava.security.manager=default HelloWorld.java
>>
>> WARNING: A command line option has enabled the Security Manager
>> WARNING: The Security Manager is deprecated and will be removed in a future release
>> Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")
>>     at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
>>     at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
>>     at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
>>     at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
>>     at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
>>     at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
>>     at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
>>
>> This happens in Java 17 as well as latest master branch. I haven't
>> checked older releases but I guess it's reproducible there too.
>>
>> Are users expected to use an explicit policy file to add this permission
>> in source file launch mode or is this missing an internal doPrivileged
>> call in the JDK?
>>
>> As an additional input, compiling this file first using javac and then
>> launching it in traditional mode with security manager enabled works
>> fine:
>>
>> javac HelloWorld.java
>>
>> java -Djava.security.manager=default HelloWorld
>> WARNING: A command line option has enabled the Security Manager
>> WARNING: The Security Manager is deprecated and will be removed in a future release
>> Hello World
>>
>>
>> -Jaikiran
>>
>>
>>
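
An added example, not part of the original messages or of the JDK: it triages an AccessControlException trace like the one in this thread by extracting the denied permission and listing the non-java.base modules on the stack, which are the protection domains that may lack it (jdk.compiler here). The names `triage` and `draft_grant` are hypothetical, and the drafted stanza assumes each candidate is a JDK runtime-image module addressed by a `jrt:/` codeBase.

```python
import re

# Abridged from the trace in the report; '>>' quoting and hard line wraps
# are kept, as archived mail delivers them.
TRACE = '''\
>> Exception in thread "main" java.security.AccessControlException: access
>> denied ("java.lang.RuntimePermission"
>> "accessClassInPackage.jdk.internal.misc")
>> at
>> java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
>>
>> at
>> java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
>>
>> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
>> at
>> jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
'''

DENIED = re.compile(r'access\s+denied\s+\("([^"]+)"\s+"([^"]+)"')
FRAME = re.compile(r'\bat\s+(?:([\w.]+)/)?([\w.$]+)\.([\w$<>]+)\(')


def triage(trace):
    """Return the denied permission and the modules that may lack it."""
    text = re.sub(r'^[>\s]+', '', trace, flags=re.M)  # drop quote markers
    denied = DENIED.search(text)
    if denied is None:
        return None
    modules = []
    for module, _cls, _method in FRAME.findall(text):
        # java.base is fully privileged, so it cannot be the denying domain.
        # Frames with no module prefix are application code, listed as such.
        module = module or '<unnamed>'
        if module != 'java.base' and module not in modules:
            modules.append(module)
    return {'type': denied.group(1), 'name': denied.group(2),
            'candidates': modules}


def draft_grant(result):
    """Policy-file stanza for review; assumes JDK image modules (jrt:/)."""
    return '\n'.join(
        'grant codeBase "jrt:/%s" {\n    permission %s "%s";\n};'
        % (m, result['type'], result['name'])
        for m in result['candidates'] if m != '<unnamed>')


if __name__ == '__main__':
    print(draft_grant(triage(TRACE)))
```

The candidate list is a heuristic: a `doPrivileged` call lower in the stack would cut the permission check short, so frames above it need not be considered.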