-Djava.security.manager=problems for service providers

Peter Firmstone peter.firmstone at zeus.net.au
Tue Mar 27 12:56:39 UTC 2018


Not sure if this is the right place to mention this.

Anyone notice that specifying a custom security manager at jvm start up 
causes issues with service providers loading?   If using the sun 
PolicyFile implementation, the policy doesn't load due to the provider 
failure, I have a custom policy implementation that will allow the jvm 
to run in this state, and other providers are also not loading, such as 
the logger and JCE.

Note that it doesn't occur if the security manager is set 
programmatically in the main method at start up, only if it's set via 
command line option.

Examples of providers not loading:

      [java] java.lang.NullPointerException
      [java] Can't load log handler "java.util.logging.ConsoleHandler"
      [java] java.lang.NullPointerException
      [java] java.lang.NullPointerException
      [java]     at java.util.logging.LogManager$5.run(LogManager.java:965)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
      [java]     at 
java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
      [java]     at 
java.util.logging.LogManager.access$1500(LogManager.java:145)
      [java]     at 
java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
      [java]     at java.util.logging.Logger.getHandlers(Logger.java:1777)
      [java]     at java.util.logging.Logger.log(Logger.java:735)
      [java]     at java.util.logging.Logger.doLog(Logger.java:765)
      [java]     at java.util.logging.Logger.log(Logger.java:788)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
      [java]     at 
org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      [java]     at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      [java]     at 
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      [java]     at java.lang.Class.newInstance(Class.java:442)
      [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
      [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
      [java]     at 
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
      [java]     at 
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)


      [java] Error occurred during initialization of VM
      [java] java.lang.ExceptionInInitializerError
      [java]     at 
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
      [java]     at 
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
      [java]     at 
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
      [java]     at 
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
      [java]     at 
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
      [java]     at 
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
      [java]     at 
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
      [java]     at 
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
      [java]     at 
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
      [java]     at 
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
      [java]     at 
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
      [java]     at 
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
      [java]     at java.security.Policy.getPolicyNoCheck(Policy.java:196)
      [java]     at java.security.Policy.getPolicy(Policy.java:154)
      [java]     at net.jini.security.Security$7.run(Security.java:1054)
      [java]     at net.jini.security.Security$7.run(Security.java:1052)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at net.jini.security.Security.getPolicy(Security.java:1052)
      [java]     at net.jini.security.Security.getContext(Security.java:506)
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      [java]     at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      [java]     at 
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      [java]     at java.lang.Class.newInstance(Class.java:442)
      [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
      [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
      [java]     at 
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
      [java]     at 
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
      [java] Caused by: java.lang.NullPointerException
      [java]     at 
java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
      [java]     at 
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
      [java]     at 
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
      [java]     at 
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
      [java]     at 
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
      [java]     at 
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
      [java]     at 
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
      [java]     at 
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
      [java]     at 
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
      [java]     at 
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
      [java]     at 
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
      [java]     at 
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
      [java]     at 
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
      [java]     at java.security.Policy.getPolicyNoCheck(Policy.java:196)
      [java]     at java.security.Policy.getPolicy(Policy.java:154)
      [java]     at net.jini.security.Security$7.run(Security.java:1054)
      [java]     at net.jini.security.Security$7.run(Security.java:1052)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at net.jini.security.Security.getPolicy(Security.java:1052)
      [java]     at net.jini.security.Security.getContext(Security.java:506)
      [java] Unexpected exception:
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
      [java]     at 
org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
      [java]     at 
org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [java]     at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      [java]     at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      [java]     at 
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      [java]     at java.lang.Class.newInstance(Class.java:442)
      [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
      [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
      [java]     at 
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
      [java]     at 
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)



      [java] java.lang.ExceptionInInitializerError
      [java]     at 
javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
      [java]     at 
javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
      [java]     at 
javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
      [java]     at 
sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
      [java]     at 
sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
      [java]     at 
sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
      [java]     at 
sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
      [java]     at 
sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
      [java]     at 
sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
      [java]     at java.lang.Class.forName0(Native Method)
      [java]     at java.lang.Class.forName(Class.java:264)
      [java]     at 
java.security.Provider$Service.getImplClass(Provider.java:1634)
      [java]     at 
java.security.Provider$Service.newInstance(Provider.java:1592)
      [java]     at 
sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
      [java]     at 
sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
      [java]     at 
javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
      [java]     at 
net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
      [java]     at 
net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
      [java]     at 
net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
      [java]     at 
net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
      [java]     at 
net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
      [java]     at 
net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
      [java]     at 
net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
      [java]     at 
net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
      [java]     at 
net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
      [java]     at com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
      [java]     at 
org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
      [java]     at 
org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
      [java]     at 
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
      [java]     at 
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
      [java]     at 
org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
      [java]     at 
org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
      [java]     at 
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
      [java]     at 
org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
      [java]     at 
org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
      [java]     at 
org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
      [java]     at 
org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
      [java]     at 
org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
      [java]     at 
org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
      [java]     at 
org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at 
javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
      [java]     at 
org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
      [java]     at 
org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
      [java] Caused by: java.lang.SecurityException: Can not initialize 
cryptographic mechanism
      [java]     at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
      [java]     ... 44 more
      [java] Caused by: java.lang.SecurityException: Cannot locate 
policy or framework files!
      [java]     at 
javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
      [java]     at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
      [java]     at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
      [java]     at java.security.AccessController.doPrivileged(Native 
Method)
      [java]     at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)


More information about the net-dev mailing list