-Djava.security.manager=problems for service providers
Alan Bateman
Alan.Bateman at oracle.com
Tue Mar 27 13:06:00 UTC 2018
Moving this to security-dev.
From the stack trace, it looks like you are using JDK 8 or older. There
are several changes in JDK 9 and newer in the PolicyFile code to how it
loads its resources that may help with the issues you are seeing.
-Alan
On 27/03/2018 13:56, Peter Firmstone wrote:
> Not sure if this is the right place to mention this.
>
> Anyone notice that specifying a custom security manager at jvm start
> up causes issues with service providers loading? If using the sun
> PolicyFile implementation, the policy doesn't load due to the provider
> failure, I have a custom policy implementation that will allow the jvm
> to run in this state, and other providers are also not loading, such
> as the logger and JCE.
>
> Note that it doesn't occur if the security manager is set
> programmatically in the main method at start up, only if it's set via
> command line option.
>
> Examples of providers not loading:
>
> [java] java.lang.NullPointerException
> [java] Can't load log handler "java.util.logging.ConsoleHandler"
> [java] java.lang.NullPointerException
> [java] java.lang.NullPointerException
> [java] at
> java.util.logging.LogManager$5.run(LogManager.java:965)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
> [java] at
> java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
> [java] at
> java.util.logging.LogManager.access$1500(LogManager.java:145)
> [java] at
> java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
> [java] at java.util.logging.Logger.getHandlers(Logger.java:1777)
> [java] at java.util.logging.Logger.log(Logger.java:735)
> [java] at java.util.logging.Logger.doLog(Logger.java:765)
> [java] at java.util.logging.Logger.log(Logger.java:788)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
> [java] at
> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> [java] at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> [java] at
> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> [java] at java.lang.Class.newInstance(Class.java:442)
> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
> [java] at
> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
> [java] at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>
>
> [java] Error occurred during initialization of VM
> [java] java.lang.ExceptionInInitializerError
> [java] at
> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
> [java] at
> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
> [java] at
> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
> [java] at
> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
> [java] at
> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
> [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
> [java] at java.security.Policy.getPolicy(Policy.java:154)
> [java] at net.jini.security.Security$7.run(Security.java:1054)
> [java] at net.jini.security.Security$7.run(Security.java:1052)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> net.jini.security.Security.getPolicy(Security.java:1052)
> [java] at
> net.jini.security.Security.getContext(Security.java:506)
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> [java] at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> [java] at
> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> [java] at java.lang.Class.newInstance(Class.java:442)
> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
> [java] at
> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
> [java] at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
> [java] Caused by: java.lang.NullPointerException
> [java] at
> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
> [java] at
> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
> [java] at
> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
> [java] at
> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
> [java] at
> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
> [java] at
> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
> [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
> [java] at java.security.Policy.getPolicy(Policy.java:154)
> [java] at net.jini.security.Security$7.run(Security.java:1054)
> [java] at net.jini.security.Security$7.run(Security.java:1052)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> net.jini.security.Security.getPolicy(Security.java:1052)
> [java] at
> net.jini.security.Security.getContext(Security.java:506)
> [java] Unexpected exception:
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
> [java] at
> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
> [java] at
> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> [java] at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> [java] at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> [java] at
> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> [java] at java.lang.Class.newInstance(Class.java:442)
> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
> [java] at
> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
> [java] at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>
>
>
> [java] java.lang.ExceptionInInitializerError
> [java] at
> javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
> [java] at
> javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
> [java] at
> javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
> [java] at
> sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
> [java] at
> sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
> [java] at
> sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
> [java] at
> sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
> [java] at
> sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
> [java] at
> sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
> [java] at java.lang.Class.forName0(Native Method)
> [java] at java.lang.Class.forName(Class.java:264)
> [java] at
> java.security.Provider$Service.getImplClass(Provider.java:1634)
> [java] at
> java.security.Provider$Service.newInstance(Provider.java:1592)
> [java] at
> sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
> [java] at
> sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
> [java] at
> javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
> [java] at
> net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
> [java] at
> net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
> [java] at
> net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
> [java] at
> net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
> [java] at
> net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
> [java] at
> net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
> [java] at
> net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
> [java] at
> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
> [java] at
> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
> [java] at com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
> [java] at
> org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
> [java] at
> org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
> [java] at
> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
> [java] at
> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
> [java] at
> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
> [java] at
> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
> [java] at
> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
> [java] at
> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
> [java] at
> org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
> [java] at
> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
> [java] at
> org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
> [java] at
> org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
> [java] at
> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
> [java] at
> org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
> [java] at
> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
> [java] at
> org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
> [java] Caused by: java.lang.SecurityException: Can not initialize
> cryptographic mechanism
> [java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
> [java] ... 44 more
> [java] Caused by: java.lang.SecurityException: Cannot locate
> policy or framework files!
> [java] at
> javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
> [java] at
> javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
> [java] at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
More information about the security-dev
mailing list