JPMS Access Checks, Verification and the Security Manager

David Holmes david.holmes at oracle.com
Wed May 24 02:45:24 UTC 2017 

On 23/05/2017 10:45 PM, Volker Simonis wrote:
> On Tue, May 23, 2017 at 10:51 AM, David Holmes <david.holmes at oracle.com> wrote:
>> On 23/05/2017 6:20 PM, Alan Bateman wrote:
>>>
>>> Volker - one suggestion for your experiments is to change your JDK 8
>>> security properties file (java.security) to add "com.sun.crypto.provider."
>>> to the value of the "package.access" property. That should mean you will get
>>> the same AccessControlException with JDK 8 as you do with JDK 9. It may help
>>> to reason about the JDK 8 behavior, including what is triggered by
>>> verification, before looking at 9.
>>>
>>> On the "Error: A JNI error has occurred, please check your installation
>>> and try again" message. It's not core to your questions of course but I
>>> agree it is confusing. Ramanand Patil had a number of attempts on
>>> core-libs-dev to improve this and it may be that more is needed there.
>>
>>
>> Yes I was sure we had agreed to remove that and I don't see it in Oracle JDK
>> so perhaps it is only in OpenJDK launcher?
>>
> 
> Hi David,
> 
> not sure what you mean? Does the Oracle JDK come with another launcher
> compared to the OpenJDK?

No - I was confusing myself.

> I've just tried with the latest EA build 170 (which I assume is an
> Oracle JDK) and I see exactly the same error:

Ok. I see now that we still have the confusing error message depending 
on exactly when the exception is thrown.

David
-----


> java -Djava.security.manager -showversion Tricky ""
> java version "9-ea"
> Java(TM) SE Runtime Environment (build 9-ea+170)
> Java HotSpot(TM) Server VM (build 9-ea+170, mixed mode)
> Error: A JNI error has occurred, please check your installation and try again
> Exception in thread "main" java.security.AccessControlException:
> access denied ("java.lang.RuntimePermission"
> "accessClassInPackage.com.sun.crypto.provider")
>      at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:471)
>      at java.base/java.security.AccessController.checkPermission(AccessController.java:894)
>      at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:561)
>      at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534)
>      at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:671)
>      at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:669)
>      at java.base/java.security.AccessController.doPrivileged(Native Method)
>      at java.base/java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:669)
>      at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
>      at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3134)
>      at java.base/java.lang.Class.getMethodsRecursive(Class.java:3275)
>      at java.base/java.lang.Class.getMethod0(Class.java:3261)
>      at java.base/java.lang.Class.getMethod(Class.java:2062)
>      at java.base/sun.launcher.LauncherHelper.validateMainClass(LauncherHelper.java:712)
>      at java.base/sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:570)
> 
> So what do you mean when saying that you don't see it in the Oracle JDK?
> 
> Regards,
> Volker
> 
>> David
>>
>>
>>> -Alan
>>>
>>

More information about the security-dev mailing list