[JENKINS-EA] Lucene-Solr-master-Linux (32bit/jdk-9-ea+140) - Build # 18064 - Unstable!

Alan Bateman Alan.Bateman at oracle.com
Mon Oct 17 17:08:00 UTC 2016


On 17/10/2016 13:16, Uwe Schindler wrote:

> Hi,
>
> yes I checked more already: The issue is caused by the mentioned change (canonicalize of FilePermission). According to the docs of SecurityManager and FilePermission, code should always be able to read stuff below the classpath where the code was loaded from (in our case its part of a JAR file). So there is no need to add permissions for this, it should work automatically.
>
> So the following code must work without any extra permissions:
>
> URL url = this.getClass().getResource("somefilenexttoclassfile");
> InputStream is = url.openStream();
>
> Interestingly the first line already returns "null", means "resource not found", you don't get any SecurityException! As said before the code works without any problems if I pass the special JDK property jdk.io.permissionsUseCanonicalPath=true to the code. This is why I said that JDK-8164705 is causing the issue.
>
> I will write a short reproducer and post it here. The code should work with SecurityManager enabled and empty policy file, as the resource is covered by the rule (everything below code source).
>
The getResourceXXX methods are specified to return null when denied by 
the security manager so you can't distinguish it from not found. If you 
can get trace output with -Djava.security.debug=failure,access then it 
might help diagnose this.

It's probably best to follow-up on security-dev rather than jdk9-dev as 
that is the mailing list where permission classes are maintained.

-Alan


More information about the jdk9-dev mailing list