ServiceLoader loading services from platform modules (was Re: RFR 8159528: Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth)
Weijun Wang
weijun.wang at oracle.com
Wed Jul 13 02:41:49 UTC 2016
I wasn't running all tests before and today I noticed a new failure of
java/net/httpclient/security/Security.java.
I think it's because Krb5KeyExchangeService in java.security.jgss
provides ClientKeyExchangeService, and when ServiceLoader is iterating
through all its providers and touching Krb5KeyExchangeService it needs
to access its parent class ClientKeyExchangeService.
Change "@run main/policy=0.policy" to"@run
main/java.security.policy=0.policy" will succeed again, but I wonder why
we must do this? The test has nothing to do with JGSS. Should
ServiceLoader ignore any such exception?
Thanks
Max
----------------------------
The exception thrown by the test:
java.lang.ExceptionInInitializerError
at
sun.security.ssl.ClientKeyExchangeService.find(java.base at 9-internal/ClientKeyExchangeService.java:72)
at
sun.security.ssl.JsseJce.<clinit>(java.base at 9-internal/JsseJce.java:63)
at
sun.security.ssl.CipherSuite$BulkCipher.<clinit>(java.base at 9-internal/CipherSuite.java:513)
at
sun.security.ssl.CipherSuite.<clinit>(java.base at 9-internal/CipherSuite.java:1072)
at
sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(java.base at 9-internal/SSLContextImpl.java:352)
at
sun.security.ssl.SSLContextImpl.access$100(java.base at 9-internal/SSLContextImpl.java:41)
at
sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(java.base at 9-internal/SSLContextImpl.java:484)
at java.lang.Class.forName0(java.base at 9-internal/Native Method)
at java.lang.Class.forName(java.base at 9-internal/Class.java:294)
at
java.security.Provider$Service.getImplClass(java.base at 9-internal/Provider.java:1744)
at
java.security.Provider$Service.newInstance(java.base at 9-internal/Provider.java:1720)
at
sun.security.jca.GetInstance.getInstance(java.base at 9-internal/GetInstance.java:236)
at
sun.security.jca.GetInstance.getInstance(java.base at 9-internal/GetInstance.java:164)
at
javax.net.ssl.SSLContext.getInstance(java.base at 9-internal/SSLContext.java:166)
at
javax.net.ssl.SSLContext.getDefault(java.base at 9-internal/SSLContext.java:98)
at
java.net.http.HttpClientImpl.<init>(java.httpclient at 9-internal/HttpClientImpl.java:89)
at
java.net.http.HttpClientImpl.create(java.httpclient at 9-internal/HttpClientImpl.java:81)
at
java.net.http.HttpClientBuilderImpl.build(java.httpclient at 9-internal/HttpClientBuilderImpl.java:131)
at Security.main(Security.java:378)
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base at 9-internal/Native
Method)
at
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base at 9-internal/NativeMethodAccessorImpl.java:62)
at
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base at 9-internal/DelegatingMethodAccessorImpl.java:43)
at
java.lang.reflect.Method.invoke(java.base at 9-internal/Method.java:533)
at
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:110)
at java.lang.Thread.run(java.base at 9-internal/Thread.java:843)
Caused by: java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "accessClassInPackage.sun.security.ssl")
at
java.security.AccessControlContext.checkPermission(java.base at 9-internal/AccessControlContext.java:468)
at
java.security.AccessController.checkPermission(java.base at 9-internal/AccessController.java:894)
at
java.lang.SecurityManager.checkPermission(java.base at 9-internal/SecurityManager.java:541)
at
java.lang.SecurityManager.checkPackageAccess(java.base at 9-internal/SecurityManager.java:1500)
at
java.lang.ClassLoader$1.run(java.base at 9-internal/ClassLoader.java:632)
at
java.lang.ClassLoader$1.run(java.base at 9-internal/ClassLoader.java:630)
at
java.security.AccessController.doPrivileged(java.base at 9-internal/Native
Method)
at
java.lang.ClassLoader.checkPackageAccess(java.base at 9-internal/ClassLoader.java:630)
at
java.lang.ClassLoader.defineClass2(java.base at 9-internal/Native Method)
at
java.lang.ClassLoader.defineClass(java.base at 9-internal/ClassLoader.java:1032)
at
java.security.SecureClassLoader.defineClass(java.base at 9-internal/SecureClassLoader.java:182)
at
jdk.internal.loader.BuiltinClassLoader.defineClass(java.base at 9-internal/BuiltinClassLoader.java:512)
at
jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(java.base at 9-internal/BuiltinClassLoader.java:449)
at
java.security.AccessController.doPrivileged(java.base at 9-internal/Native
Method)
at
jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(java.base at 9-internal/BuiltinClassLoader.java:450)
at
jdk.internal.loader.BuiltinClassLoader.findClass(java.base at 9-internal/BuiltinClassLoader.java:354)
at
java.lang.ClassLoader.loadLocalClass(java.base at 9-internal/ClassLoader.java:531)
at java.lang.Class.forName(java.base at 9-internal/Class.java:450)
at
java.util.ServiceLoader.lambda$loadClassInModule$0(java.base at 9-internal/ServiceLoader.java:502)
at
java.security.AccessController.doPrivileged(java.base at 9-internal/Native
Method)
at
java.util.ServiceLoader.loadClassInModule(java.base at 9-internal/ServiceLoader.java:503)
at
java.util.ServiceLoader.access$500(java.base at 9-internal/ServiceLoader.java:218)
at
java.util.ServiceLoader$ModuleServicesIterator.nextService(java.base at 9-internal/ServiceLoader.java:724)
at
java.util.ServiceLoader$RestrictedIterator$2.run(java.base at 9-internal/ServiceLoader.java:541)
at
java.security.AccessController.doPrivileged(java.base at 9-internal/Native
Method)
at
java.util.ServiceLoader$RestrictedIterator.next(java.base at 9-internal/ServiceLoader.java:543)
at
java.util.ServiceLoader$2.next(java.base at 9-internal/ServiceLoader.java:921)
at
sun.security.ssl.ClientKeyExchangeService$Loader.<clinit>(java.base at 9-internal/ClientKeyExchangeService.java:62)
... 25 more
More information about the security-dev
mailing list