-Djava.security.manager=problems for service providers
Peter Firmstone
peter.firmstone at zeus.net.au
Tue Mar 27 13:15:18 UTC 2018
I tested the JDK 9 pre releases and didn't experience issues, will have
to test again against the latest. Note on JDK1.8.0_162 it doesn't only
affect the PolicyFile provider.
Thanks,
Peter.
On 27/03/2018 11:06 PM, Alan Bateman wrote:
> Moving this to security-dev.
>
> From the stack trace, it looks like you are using JDK 8 or older.
> There are several changes in JDK 9 and newer in the PolicyFile code to
> how it loads its resources that may help with the issues you are seeing.
>
> -Alan
>
> On 27/03/2018 13:56, Peter Firmstone wrote:
>> Not sure if this is the right place to mention this.
>>
>> Anyone notice that specifying a custom security manager at jvm start
>> up causes issues with service providers loading? If using the sun
>> PolicyFile implementation, the policy doesn't load due to the
>> provider failure, I have a custom policy implementation that will
>> allow the jvm to run in this state, and other providers are also not
>> loading, such as the logger and JCE.
>>
>> Note that it doesn't occur if the security manager is set
>> programmatically in the main method at start up, only if it's set via
>> command line option.
>>
>> Examples of providers not loading:
>>
>> [java] java.lang.NullPointerException
>> [java] Can't load log handler "java.util.logging.ConsoleHandler"
>> [java] java.lang.NullPointerException
>> [java] java.lang.NullPointerException
>> [java] at
>> java.util.logging.LogManager$5.run(LogManager.java:965)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
>> [java] at
>> java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
>> [java] at
>> java.util.logging.LogManager.access$1500(LogManager.java:145)
>> [java] at
>> java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
>> [java] at
>> java.util.logging.Logger.getHandlers(Logger.java:1777)
>> [java] at java.util.logging.Logger.log(Logger.java:735)
>> [java] at java.util.logging.Logger.doLog(Logger.java:765)
>> [java] at java.util.logging.Logger.log(Logger.java:788)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
>> [java] at
>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> [java] at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> [java] at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>> [java] at java.lang.Class.newInstance(Class.java:442)
>> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>> [java] at
>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>> [java] at
>> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>
>>
>> [java] Error occurred during initialization of VM
>> [java] java.lang.ExceptionInInitializerError
>> [java] at
>> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>> [java] at
>> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>> [java] at
>> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>> [java] at
>> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>> [java] at
>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>> [java] at
>> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>> [java] at
>> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>> [java] at
>> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>> [java] at
>> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>> [java] at
>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>> [java] at
>> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>> [java] at
>> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>> [java] at
>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>> [java] at java.security.Policy.getPolicy(Policy.java:154)
>> [java] at net.jini.security.Security$7.run(Security.java:1054)
>> [java] at net.jini.security.Security$7.run(Security.java:1052)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> net.jini.security.Security.getPolicy(Security.java:1052)
>> [java] at
>> net.jini.security.Security.getContext(Security.java:506)
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> [java] at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> [java] at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>> [java] at java.lang.Class.newInstance(Class.java:442)
>> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>> [java] at
>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>> [java] at
>> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>> [java] Caused by: java.lang.NullPointerException
>> [java] at
>> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
>> [java] at
>> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>> [java] at
>> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>> [java] at
>> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>> [java] at
>> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>> [java] at
>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>> [java] at
>> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>> [java] at
>> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>> [java] at
>> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>> [java] at
>> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>> [java] at
>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>> [java] at
>> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>> [java] at
>> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>> [java] at
>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>> [java] at java.security.Policy.getPolicy(Policy.java:154)
>> [java] at net.jini.security.Security$7.run(Security.java:1054)
>> [java] at net.jini.security.Security$7.run(Security.java:1052)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> net.jini.security.Security.getPolicy(Security.java:1052)
>> [java] at
>> net.jini.security.Security.getContext(Security.java:506)
>> [java] Unexpected exception:
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>> [java] at
>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>> [java] at
>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> [java] at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> [java] at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> [java] at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>> [java] at java.lang.Class.newInstance(Class.java:442)
>> [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>> [java] at
>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>> [java] at
>> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>
>>
>>
>> [java] java.lang.ExceptionInInitializerError
>> [java] at
>> javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
>> [java] at
>> javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
>> [java] at
>> javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
>> [java] at
>> sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
>> [java] at
>> sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
>> [java] at
>> sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
>> [java] at
>> sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
>> [java] at
>> sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
>> [java] at
>> sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
>> [java] at java.lang.Class.forName0(Native Method)
>> [java] at java.lang.Class.forName(Class.java:264)
>> [java] at
>> java.security.Provider$Service.getImplClass(Provider.java:1634)
>> [java] at
>> java.security.Provider$Service.newInstance(Provider.java:1592)
>> [java] at
>> sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
>> [java] at
>> sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
>> [java] at
>> javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
>> [java] at
>> net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
>> [java] at
>> net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
>> [java] at
>> net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
>> [java] at
>> net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
>> [java] at
>> net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
>> [java] at
>> net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
>> [java] at
>> net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
>> [java] at
>> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
>> [java] at
>> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
>> [java] at com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
>> [java] at
>> org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
>> [java] at
>> org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
>> [java] at
>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>> [java] at
>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>> [java] at
>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
>> [java] at
>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
>> [java] at
>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>> [java] at
>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>> [java] at
>> org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
>> [java] at
>> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
>> [java] at
>> org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
>> [java] at
>> org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
>> [java] at
>> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
>> [java] at
>> org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
>> [java] at
>> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
>> [java] at
>> org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
>> [java] Caused by: java.lang.SecurityException: Can not
>> initialize cryptographic mechanism
>> [java] at
>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
>> [java] ... 44 more
>> [java] Caused by: java.lang.SecurityException: Cannot locate
>> policy or framework files!
>> [java] at
>> javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
>> [java] at
>> javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
>> [java] at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
>> [java] at java.security.AccessController.doPrivileged(Native
>> Method)
>> [java] at
>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
>
More information about the security-dev
mailing list