Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager

Kevin Rushforth kevin.rushforth at oracle.com
Wed Jun 11 16:52:12 UTC 2014 

Dmitry can comment further, but it is possible that this issue could be 
backported to 8u40 if done soon enough.

I will double-check whether the bugs can be made non-confidential (so 
you can at least track progress), but I suspect they cannot in their 
current form, in which case new bugs should be filed with the 
confidential information moved to confidential comments in the bug. I 
will help with this.

-- Kevin


Scott Palmer wrote:
> Drat... I was hoping to see something much sooner, like 8u20 
> (obviously too late now) or 8u40.  I'm unable to use Web Start 
> deployment because of this.
>
> Is it necessary for these issues to be blocked from anonymous viewing?
>
> Thanks for the update.
>
> Scott
>
>
> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth 
> <kevin.rushforth at oracle.com <mailto:kevin.rushforth at oracle.com>> wrote:
>
>     These are now assigned to Dmitry Cherapanov who I have copied here
>     in case he isn't on the openjfx alias. They are both targeted to
>     JDK 9.
>
>     -- Kevin
>
>
>     Scott Palmer wrote:
>
>         I tried to send an email to Thomas asking about the status of
>         these issues
>         (they are not visible to me), but the email bounced (user
>         unknown).  Could
>         someone let me know the status?
>
>         Thanks,
>
>         Scott
>
>
>         On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
>         <thomas.v.ng at oracle.com <mailto:thomas.v.ng at oracle.com>> wrote:
>
>          
>
>              Thanks for the report!
>
>             Two bugs created for this:
>
>             security manager and applet-desc webstart mode:
>             https://bugs.openjdk.java.net/browse/JDK-8040231
>
>             reflection in daemon thread:
>             https://bugs.openjdk.java.net/browse/JDK-8040699
>
>             -thomas
>
>
>               *From: *Scott Palmer <swpalmer at gmail.com
>             <mailto:swpalmer at gmail.com>>
>              *Subject: **All-Permissions not working properly with
>             sun.plugin2.applet.FXAppletSecurityManager*
>              *Date: *April 14, 2014 at 1:07:36 PM PDT
>              *To: *"openjfx-dev at openjdk.java.net
>             <mailto:openjfx-dev at openjdk.java.net>"
>             <openjfx-dev at openjdk.java.net
>             <mailto:openjfx-dev at openjdk.java.net>>
>
>
>             Can someone confirm that all-permissions is working for
>             JavaFX apps
>             that are launched via Web Start with Java 8.0 and use
>             daemon threads
>             in a Service?
>
>             I have a JNLP file that has:
>             <security>
>              <all-permissions/>
>             </security>
>
>             and the manifest of my app's jar has the following
>             instruction in my
>             Gradle script:
>
>             jar {
>                manifest {
>                    attributes('Permissions': 'all-permissions',
>                               'Codebase': '*')
>                }
>             }
>
>             I'm using the javafx gradle plugin and signing the jars...
>             e.g. I see this for every dependency and the main jar:
>             ...
>             Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
>             Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
>             ...
>
>             I even tried System.setSecurityManager(null); in my
>             start() method
>             (and it lets me do it).
>
>             However, daemon threads started by my Service are unable
>             to use
>             reflection. (It is working in the main FX application
>             thread.)  I see
>             the following stack trace in the Java console:
>
>
>             Caused by: java.security.AccessControlException: access denied
>             ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
>             at
>             java.security.AccessControlContext.checkPermission(Unknown
>             Source)
>             at java.security.AccessController.checkPermission(Unknown
>             Source)
>             at java.lang.SecurityManager.checkPermission(Unknown Source)
>             at
>             sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>             Source)
>             at
>             java.lang.reflect.AccessibleObject.setAccessible(Unknown
>             Source)
>
>
>             Caused by: java.security.AccessControlException: access denied
>             ("java.lang.RuntimePermission" "accessDeclaredMembers")
>             at
>             java.security.AccessControlContext.checkPermission(Unknown
>             Source)
>             at java.security.AccessController.checkPermission(Unknown
>             Source)
>             at java.lang.SecurityManager.checkPermission(Unknown Source)
>             at
>             sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>             Source)
>             at java.lang.Class.checkMemberAccess(Unknown Source)
>             at java.lang.Class.getDeclaredMethod(Unknown Source)
>             at
>             ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
>             at
>             ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
>             at
>             ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
>             ... 33 more
>
>             I bring it up here because FXAppletSecurityManager is
>             involved and
>             this smells like a possible bug in plugin2
>
>             Regards,
>
>             Scott
>
>
>
>
>                
>
>

More information about the openjfx-dev mailing list