jjs with support for Security Manager?

Bernd Eckenfels ecki at zusammenkunft.net
Wed Feb 5 02:22:19 PST 2014 

Hello,

Am Wed, 05 Feb 2014 12:38:45 +0530
schrieb "A. Sundararajan" <sundararajan.athijegannathan at oracle.com>:
> The -D System properties are set after jjs tool is initialized. If
> you want System properties to be initialized before VM is
> initialized, you should use -J-D.
> 
>      jjs -J-Djava.security.manager foo.js
> 
> This is true of all JDK bin tools. Any -J option is passed to the VM.

Yes true, I haven't thought of it because jjs supports the -D syntax and
the property is actually set (but obviously too late).

So with "jjs -J-Djava.security.manager" I can actually start a instance
where the SM is enabled. If I use it to start a *.js file it actually
works (the default permissions granted apply - see below).

However in interactive mode the policy does not match. Not sure if this
is a required function (it would be certainly good for testing):


$ export JAVA_HOME=/c/Program\ Files/Java/jdk1.8.0/
$ cat $TEMP/sec.js
var System = Java.type("java.lang.System")
System.out.printf("java.version=%s%n", System.getProperty("java.version"))
exit(2) // expected to fail

$ "$JAVA_HOME/bin/jjs" -J-Djava.security.manager $TEMP/sec.js
java.version=1.8.0
Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.2")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkExit(SecurityManager.java:761)
        at java.lang.Runtime.exit(Runtime.java:107)
        at java.lang.System.exit(System.java:968)
        at jdk.nashorn.internal.objects.Global.exit(Global.java:889)
        at jdk.nashorn.internal.scripts.Script$sec.runScript(C:/Users/eckenfel/AppData/Local/Temp/sec.js:3)
        at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:498)
        at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:206)
        at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:378)
        at jdk.nashorn.tools.Shell.apply(Shell.java:381)
        at jdk.nashorn.tools.Shell.runScripts(Shell.java:310)
        at jdk.nashorn.tools.Shell.run(Shell.java:166)
        at jdk.nashorn.tools.Shell.main(Shell.java:130)
        at jdk.nashorn.tools.Shell.main(Shell.java:109)
$ "$JAVA_HOME/bin/jjs" -J-Djava.security.manager
jjs> java.lang.System.getProperty("java.version")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")

More information about the nashorn-dev mailing list