-Djava.security.manager=problems for service providers
Peter Firmstone
peter.firmstone at zeus.net.au
Tue Mar 27 12:56:39 UTC 2018
Not sure if this is the right place to mention this.
Anyone notice that specifying a custom security manager at jvm start up
causes issues with service providers loading? If using the sun
PolicyFile implementation, the policy doesn't load due to the provider
failure, I have a custom policy implementation that will allow the jvm
to run in this state, and other providers are also not loading, such as
the logger and JCE.
Note that it doesn't occur if the security manager is set
programmatically in the main method at start up, only if it's set via
command line option.
Examples of providers not loading:
[java] java.lang.NullPointerException
[java] Can't load log handler "java.util.logging.ConsoleHandler"
[java] java.lang.NullPointerException
[java] java.lang.NullPointerException
[java] at java.util.logging.LogManager$5.run(LogManager.java:965)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
[java] at
java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
[java] at
java.util.logging.LogManager.access$1500(LogManager.java:145)
[java] at
java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
[java] at java.util.logging.Logger.getHandlers(Logger.java:1777)
[java] at java.util.logging.Logger.log(Logger.java:735)
[java] at java.util.logging.Logger.doLog(Logger.java:765)
[java] at java.util.logging.Logger.log(Logger.java:788)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
[java] at
org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
[java] at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[java] at
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
[java] at java.lang.Class.newInstance(Class.java:442)
[java] at sun.misc.Launcher.<init>(Launcher.java:93)
[java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
[java] at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
[java] Error occurred during initialization of VM
[java] java.lang.ExceptionInInitializerError
[java] at
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
[java] at
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
[java] at
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
[java] at
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
[java] at
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
[java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
[java] at java.security.Policy.getPolicy(Policy.java:154)
[java] at net.jini.security.Security$7.run(Security.java:1054)
[java] at net.jini.security.Security$7.run(Security.java:1052)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at net.jini.security.Security.getPolicy(Security.java:1052)
[java] at net.jini.security.Security.getContext(Security.java:506)
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
[java] at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[java] at
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
[java] at java.lang.Class.newInstance(Class.java:442)
[java] at sun.misc.Launcher.<init>(Launcher.java:93)
[java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
[java] at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
[java] Caused by: java.lang.NullPointerException
[java] at
java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
[java] at
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
[java] at
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
[java] at
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
[java] at
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
[java] at
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
[java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
[java] at java.security.Policy.getPolicy(Policy.java:154)
[java] at net.jini.security.Security$7.run(Security.java:1054)
[java] at net.jini.security.Security$7.run(Security.java:1052)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at net.jini.security.Security.getPolicy(Security.java:1052)
[java] at net.jini.security.Security.getContext(Security.java:506)
[java] Unexpected exception:
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
[java] at
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
[java] at
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[java] at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
[java] at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[java] at
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
[java] at java.lang.Class.newInstance(Class.java:442)
[java] at sun.misc.Launcher.<init>(Launcher.java:93)
[java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
[java] at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
[java] java.lang.ExceptionInInitializerError
[java] at
javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
[java] at
javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
[java] at
javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
[java] at
sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
[java] at
sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
[java] at
sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
[java] at
sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
[java] at
sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
[java] at
sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
[java] at java.lang.Class.forName0(Native Method)
[java] at java.lang.Class.forName(Class.java:264)
[java] at
java.security.Provider$Service.getImplClass(Provider.java:1634)
[java] at
java.security.Provider$Service.newInstance(Provider.java:1592)
[java] at
sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
[java] at
sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
[java] at
javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
[java] at
net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
[java] at
net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
[java] at
net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
[java] at
net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
[java] at
net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
[java] at
net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
[java] at
net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
[java] at
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
[java] at
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
[java] at com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
[java] at
org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
[java] at
org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
[java] at
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
[java] at
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
[java] at
org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
[java] at
org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
[java] at
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
[java] at
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
[java] at
org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
[java] at
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
[java] at
org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
[java] at
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
[java] at
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
[java] at
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
[java] at
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
[java] at
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
[java] Caused by: java.lang.SecurityException: Can not initialize
cryptographic mechanism
[java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
[java] ... 44 more
[java] Caused by: java.lang.SecurityException: Cannot locate
policy or framework files!
[java] at
javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
[java] at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
[java] at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
More information about the net-dev
mailing list