All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Scott Palmer
swpalmer at gmail.com
Sat Jun 14 00:18:38 UTC 2014
Thank you.
Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login.
The "Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account.
Scott
On Jun 13, 2014, at 8:05 PM, Kevin Rushforth <kevin.rushforth at oracle.com> wrote:
> Hi Scott,
>
> I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs:
>
>
> reflection in daemon thread:
> JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
>
> security manager and applet-desc webstart mode:
> JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null.
>
> I have copied Dmitry in case he has any information about these bugs.
>
> -- Kevin
>
>
> Kevin Rushforth wrote:
>>
>> Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough.
>>
>> I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot in their current form, in which case new bugs should be filed with the confidential information moved to confidential comments in the bug. I will help with this.
>>
>> -- Kevin
>>
>>
>> Scott Palmer wrote:
>>> Drat... I was hoping to see something much sooner, like 8u20 (obviously too late now) or 8u40. I'm unable to use Web Start deployment because of this.
>>>
>>> Is it necessary for these issues to be blocked from anonymous viewing?
>>>
>>> Thanks for the update.
>>>
>>> Scott
>>>
>>>
>>> On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth <kevin.rushforth at oracle.com <mailto:kevin.rushforth at oracle.com>> wrote:
>>>
>>> These are now assigned to Dmitry Cherapanov who I have copied here
>>> in case he isn't on the openjfx alias. They are both targeted to
>>> JDK 9.
>>>
>>> -- Kevin
>>>
>>>
>>> Scott Palmer wrote:
>>>
>>> I tried to send an email to Thomas asking about the status of
>>> these issues
>>> (they are not visible to me), but the email bounced (user
>>> unknown). Could
>>> someone let me know the status?
>>>
>>> Thanks,
>>>
>>> Scott
>>>
>>>
>>> On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
>>> <thomas.v.ng at oracle.com <mailto:thomas.v.ng at oracle.com>> wrote:
>>>
>>>
>>> Thanks for the report!
>>>
>>> Two bugs created for this:
>>>
>>> security manager and applet-desc webstart mode:
>>> https://bugs.openjdk.java.net/browse/JDK-8040231
>>>
>>> reflection in daemon thread:
>>> https://bugs.openjdk.java.net/browse/JDK-8040699
>>>
>>> -thomas
>>>
>>>
>>> *From: *Scott Palmer <swpalmer at gmail.com
>>> <mailto:swpalmer at gmail.com>>
>>> *Subject: **All-Permissions not working properly with
>>> sun.plugin2.applet.FXAppletSecurityManager*
>>> *Date: *April 14, 2014 at 1:07:36 PM PDT
>>> *To: *"openjfx-dev at openjdk.java.net
>>> <mailto:openjfx-dev at openjdk.java.net>"
>>> <openjfx-dev at openjdk.java.net
>>> <mailto:openjfx-dev at openjdk.java.net>>
>>>
>>>
>>> Can someone confirm that all-permissions is working for
>>> JavaFX apps
>>> that are launched via Web Start with Java 8.0 and use
>>> daemon threads
>>> in a Service?
>>>
>>> I have a JNLP file that has:
>>> <security>
>>> <all-permissions/>
>>> </security>
>>>
>>> and the manifest of my app's jar has the following
>>> instruction in my
>>> Gradle script:
>>>
>>> jar {
>>> manifest {
>>> attributes('Permissions': 'all-permissions',
>>> 'Codebase': '*')
>>> }
>>> }
>>>
>>> I'm using the javafx gradle plugin and signing the jars...
>>> e.g. I see this for every dependency and the main jar:
>>> ...
>>> Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
>>> Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
>>> ...
>>>
>>> I even tried System.setSecurityManager(null); in my
>>> start() method
>>> (and it lets me do it).
>>>
>>> However, daemon threads started by my Service are unable
>>> to use
>>> reflection. (It is working in the main FX application
>>> thread.) I see
>>> the following stack trace in the Java console:
>>>
>>>
>>> Caused by: java.security.AccessControlException: access denied
>>> ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
>>> at
>>> java.security.AccessControlContext.checkPermission(Unknown
>>> Source)
>>> at java.security.AccessController.checkPermission(Unknown
>>> Source)
>>> at java.lang.SecurityManager.checkPermission(Unknown Source)
>>> at
>>> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>>> Source)
>>> at
>>> java.lang.reflect.AccessibleObject.setAccessible(Unknown
>>> Source)
>>>
>>>
>>> Caused by: java.security.AccessControlException: access denied
>>> ("java.lang.RuntimePermission" "accessDeclaredMembers")
>>> at
>>> java.security.AccessControlContext.checkPermission(Unknown
>>> Source)
>>> at java.security.AccessController.checkPermission(Unknown
>>> Source)
>>> at java.lang.SecurityManager.checkPermission(Unknown Source)
>>> at
>>> sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
>>> Source)
>>> at java.lang.Class.checkMemberAccess(Unknown Source)
>>> at java.lang.Class.getDeclaredMethod(Unknown Source)
>>> at
>>> ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
>>> at
>>> ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
>>> at
>>> ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
>>> ... 33 more
>>>
>>> I bring it up here because FXAppletSecurityManager is
>>> involved and
>>> this smells like a possible bug in plugin2
>>>
>>> Regards,
>>>
>>> Scott
>>>
>>>
>>>
>>>
>>>
>>>
More information about the openjfx-dev
mailing list