jtreg fails if the test requires a security manager!

Jonathan Gibbons jonathan.gibbons at oracle.com
Fri Apr 20 15:18:15 PDT 2012

jtreg has special handling and support for security managers, so that it 
can ensure it has permissions to do its job as well as let you do yours.

I've not played much in this area, but reading the tag-spec [1] I see 
the following sections.

>      /policy=<file>
> Define the Java system property "java.security.policy" to have the value
> "=${TESTSRC}/<file>", where TESTSRC is the name of the directory containing the
> defining file of the test.  This definition has the effect of making the given
> file the sole source of security policies to be used by the security manager.
> In particular, the system security policy and the user's security policy will
> be ignored.  If the /secure option is not used then the default security
> manager will be installed.
> Property expansion will be performed in the policy file as usual; in
> particular, the "test.src" and "test.classes" properties will name the source
> and class directories of the test being run (see DIRECTORY CONTEXT below).
> This option may only be used in conjunction with the /othervm option.
>      /secure=<class>
> Specify a subclass of java.lang.SecurityManager to be installed as the security
> manager.  An appropriate @build tag should be provided to ensure that the class
> is compiled.  If the /secure option is used without the /policy option then the
> system's built-in policy, equivalent to the original sandbox policy, will be
> assumed.
> This option may only be used in conjunction with the /othervm option.

Seems to me that you want /secure=java.lang.SecurityManager.  I agree 
your use of -Djava.security.manager is intuitive and should be 
considered as an RFE.

-- Jon

[1] http://openjdk.java.net/jtreg/tag-spec.txt

On 04/18/2012 09:40 PM, David Holmes wrote:
> Hi Jon,
> I have a new test that requires that a security manager be installed, 
> so I have:
> @run main/othervm -Djava.security.manager
> but this causes jtreg itself to encounter a security exception:
> Exception in thread "main" java.security.AccessControlException: 
> access denied ("java.io.FilePermission" 
> "/scratch/dh198349/dev-work/b11/linux-i586-dh/testoutput/jdk_util/JTwork/classes/java/util/concurrent/atomic/AtomicUpdaters.jta" 
> "read")
>         at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
>         at 
> java.security.AccessController.checkPermission(AccessController.java:555)
>         at 
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
>         at java.io.FileInputStream.<init>(FileInputStream.java:121)
>         at java.io.FileInputStream.<init>(FileInputStream.java:87)
>         at java.io.FileReader.<init>(FileReader.java:58)
>         at com.sun.javatest.regtest.MainWrapper.main(MainWrapper.java:45)
> What can I do to fix this?
> Thanks,
> David

More information about the jtreg-use mailing list