Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Kevin Rushforth
kevin.rushforth at oracle.com
Sat Jun 14 00:05:36 UTC 2014
Hi Scott,
I created two new non-confidential bugs and closed the original ones as
duplicates. Here are the new bugs:
reflection in daemon thread:
JDK-8046825 <https://bugs.openjdk.java.net/browse/JDK-8046825> (was
JDK-8040699) : All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager
security manager and applet-desc webstart mode:
JDK-8046826 <https://bugs.openjdk.java.net/browse/JDK-8046826> (was
JDK-8040231) : All permission fx javaws app could not set Security
Manager to null.
I have copied Dmitry in case he has any information about these bugs.
-- Kevin
Kevin Rushforth wrote:
> Dmitry can comment further, but it is possible that this issue could
> be backported to 8u40 if done soon enough.
>
> I will double-check whether the bugs can be made non-confidential (so
> you can at least track progress), but I suspect they cannot in their
> current form, in which case new bugs should be filed with the
> confidential information moved to confidential comments in the bug. I
> will help with this.
>
> -- Kevin
>
>
> Scott Palmer wrote:
>> Drat... I was hoping to see something much sooner, like 8u20
>> (obviously too late now) or 8u40. I'm unable to use Web Start
>> deployment because of this.
>>
>> Is it necessary for these issues to be blocked from anonymous viewing?
>>
>> Thanks for the update.
>>
>> Scott
>>
>>
>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth
>> <kevin.rushforth at oracle.com> wrote:
>>
>> These are now assigned to Dmitry Cherapanov who I have copied here
>> in case he isn't on the openjfx alias. They are both targeted to
>> JDK 9.
>>
>> -- Kevin
>>
>>
>> Scott Palmer wrote:
>>
>> I tried to send an email to Thomas asking about the status of these issues
>> (they are not visible to me), but the email bounced (user unknown). Could
>> someone let me know the status?
>>
>> Thanks,
>>
>> Scott
>>
>>
>> On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
>> <thomas.v.ng at oracle.com> wrote:
>>
>>
>> Thanks for the report!
>>
>> Two bugs created for this:
>>
>> security manager and applet-desc webstart mode:
>> https://bugs.openjdk.java.net/browse/JDK-8040231
>>
>> reflection in daemon thread:
>> https://bugs.openjdk.java.net/browse/JDK-8040699
>>
>> -thomas
>>
>>
>> *From: *Scott Palmer <swpalmer at gmail.com>
>> *Subject: **All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager*
>> *Date: *April 14, 2014 at 1:07:36 PM PDT
>> *To: *"openjfx-dev at openjdk.java.net" <openjfx-dev at openjdk.java.net>
>>
>>
>> Can someone confirm that all-permissions is working for JavaFX apps
>> that are launched via Web Start with Java 8.0 and use daemon threads
>> in a Service?
>>
>> I have a JNLP file that has:
>>
>>     <security>
>>         <all-permissions/>
>>     </security>
>>
>> and the manifest of my app's jar has the following instruction in my
>> Gradle script:
>>
>>     jar {
>>         manifest {
>>             attributes('Permissions': 'all-permissions',
>>                        'Codebase': '*')
>>         }
>>     }
>>
>> I'm using the javafx gradle plugin and signing the jars...
>> e.g. I see this for every dependency and the main jar:
>> ...
>> Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
>> Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
>> ...
>>
>> I even tried System.setSecurityManager(null); in my start() method
>> (and it lets me do it).
>>
>> However, daemon threads started by my Service are unable to use
>> reflection. (It is working in the main FX application thread.) I see
>> the following stack trace in the Java console:
>>
>>
>> Caused by: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
>>     at java.security.AccessControlContext.checkPermission(Unknown Source)
>>     at java.security.AccessController.checkPermission(Unknown Source)
>>     at java.lang.SecurityManager.checkPermission(Unknown Source)
>>     at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
>>     at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
>>
>> Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
>>     at java.security.AccessControlContext.checkPermission(Unknown Source)
>>     at java.security.AccessController.checkPermission(Unknown Source)
>>     at java.lang.SecurityManager.checkPermission(Unknown Source)
>>     at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
>>     at java.lang.Class.checkMemberAccess(Unknown Source)
>>     at java.lang.Class.getDeclaredMethod(Unknown Source)
>>     at ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
>>     at ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
>>     at ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
>>     ... 33 more
>>
>> I bring it up here because FXAppletSecurityManager is involved and
>> this smells like a possible bug in plugin2
>>
>> Regards,
>>
>> Scott
>>
>>
>>
>>
>>
>>
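A diagnostic for the symptom reported in the original message, added here as an example and not code from the thread, the JDK or the plugin: it asks the installed SecurityManager about the two permissions named in the quoted stack traces, first on the launching thread and then on a daemon thread. The class name `DaemonPermissionProbe`, the thread name and the use of a plain daemon thread as a stand-in for the threads started by the Service are assumptions; it targets the Java 8 runtime discussed in the thread.

```java
import java.lang.reflect.ReflectPermission;
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/** Hypothetical diagnostic (not from the thread): which permissions does each thread hold? */
public class DaemonPermissionProbe {

    // The two permissions named in the AccessControlExceptions quoted above.
    static final Permission[] PROBED = {
        new ReflectPermission("suppressAccessChecks"),
        new RuntimePermission("accessDeclaredMembers")
    };

    /** Asks the installed SecurityManager about each permission on the calling thread. */
    static Map<String, String> probe() {
        Map<String, String> result = new LinkedHashMap<>();
        SecurityManager sm = System.getSecurityManager();
        for (Permission p : PROBED) {
            String key = p.getClass().getSimpleName() + " " + p.getName();
            if (sm == null) {
                result.put(key, "no SecurityManager installed");
                continue;
            }
            try {
                sm.checkPermission(p); // evaluated against the calling thread's context
                result.put(key, "granted by " + sm.getClass().getName());
            } catch (SecurityException e) {
                result.put(key, "DENIED by " + sm.getClass().getName());
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("launch thread: " + probe());
        // Assumption: a plain daemon worker stands in for the Service's threads.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "probe-daemon");
            t.setDaemon(true); // daemon, so it does not keep the JVM alive
            return t;
        });
        Callable<Map<String, String>> task = DaemonPermissionProbe::probe;
        System.out.println("daemon thread: " + pool.submit(task).get());
    }
}
```

Differing results between the two lines of output reproduce the report without involving Orika; identical "granted" results point back at how the application's own worker threads are created.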