Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Scott Palmer
swpalmer at gmail.com
Wed Jun 11 16:18:33 UTC 2014
Drat... I was hoping to see something much sooner, like 8u20 (obviously too
late now) or 8u40. I'm unable to use Web Start deployment because of this.
Is it necessary for these issues to be blocked from anonymous viewing?
Thanks for the update.
Scott
On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth <
kevin.rushforth at oracle.com> wrote:
> These are now assigned to Dmitry Cherapanov who I have copied here in case
> he isn't on the openjfx alias. They are both targeted to JDK 9.
>
> -- Kevin
>
>
> Scott Palmer wrote:
>
>> I tried to send an email to Thomas asking about the status of these issues
>> (they are not visible to me), but the email bounced (user unknown). Could
>> someone let me know the status?
>>
>> Thanks,
>>
>> Scott
>>
>>
>> On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng <thomas.v.ng at oracle.com>
>> wrote:
>>
>>
>>
>>> Thanks for the report!
>>>
>>> Two bugs created for this:
>>>
>>> security manager and applet-desc webstart mode:
>>> https://bugs.openjdk.java.net/browse/JDK-8040231
>>>
>>> reflection in daemon thread:
>>> https://bugs.openjdk.java.net/browse/JDK-8040699
>>>
>>> -thomas
>>>
>>>
>>> *From: *Scott Palmer <swpalmer at gmail.com>
>>> *Subject: **All-Permissions not working properly with
>>> sun.plugin2.applet.FXAppletSecurityManager*
>>> *Date: *April 14, 2014 at 1:07:36 PM PDT
>>> *To: *"openjfx-dev at openjdk.java.net" <openjfx-dev at openjdk.java.net>
>>>
>>>
>>> Can someone confirm that all-permissions is working for JavaFX apps
>>> that are launched via Web Start with Java 8.0 and use daemon threads
>>> in a Service?
>>>
>>> I have a JNLP file that has:
>>> <security>
>>> <all-permissions/>
>>> </security>
>>>
>>> and the manifest of my app's jar has the following instruction in my
>>> Gradle script:
>>>
>>> jar {
>>> manifest {
>>> attributes('Permissions': 'all-permissions',
>>> 'Codebase': '*')
>>> }
>>> }
>>>
>>> I'm using the javafx gradle plugin and signing the jars...
>>> e.g. I see this for every dependency and the main jar:
>>> ...
>>> Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
>>> Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
>>> ...
>>>
>>> I even tried System.setSecurityManager(null); in my start() method
>>> (and it lets me do it).
>>>
>>> However, daemon threads started by my Service are unable to use
>>> reflection. (It is working in the main FX application thread.) I see
>>> the following stack trace in the Java console:
>>>
>>>
>>> Caused by: java.security.AccessControlException: access denied
>>> ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
>>> at java.security.AccessControlContext.checkPermission(Unknown Source)
>>> at java.security.AccessController.checkPermission(Unknown Source)
>>> at java.lang.SecurityManager.checkPermission(Unknown Source)
>>> at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>>> Source)
>>> at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
>>>
>>>
>>> Caused by: java.security.AccessControlException: access denied
>>> ("java.lang.RuntimePermission" "accessDeclaredMembers")
>>> at java.security.AccessControlContext.checkPermission(Unknown Source)
>>> at java.security.AccessController.checkPermission(Unknown Source)
>>> at java.lang.SecurityManager.checkPermission(Unknown Source)
>>> at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>>> Source)
>>> at java.lang.Class.checkMemberAccess(Unknown Source)
>>> at java.lang.Class.getDeclaredMethod(Unknown Source)
>>> at
>>> ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(
>>> PropertyResolver.java:304)
>>> at
>>> ma.glasnost.orika.property.PropertyResolver.processProperty(
>>> PropertyResolver.java:240)
>>> at
>>> ma.glasnost.orika.property.IntrospectorPropertyResolver.
>>> collectProperties(IntrospectorPropertyResolver.java:83)
>>> ... 33 more
>>>
>>> I bring it up here because FXAppletSecurityManager is involved and
>>> this smells like a possible bug in plugin2
>>>
>>> Regards,
>>>
>>> Scott
>>>
>>>
>>>
>>>
>>>
>>>
>>
More information about the openjfx-dev
mailing list