-Djava.security.manager=problems for service provider
Peter
jini at zeus.net.au
Thu Mar 29 08:53:58 UTC 2018
Hello Java security people!
It turns out we needed the -Djava.security.manager= option at startup
after all...
According to our SecurityManager implementation notes, the reason it
instantiated the policy, was to ensure that the JVM had loaded all
necessary classes, to prevent recursive errors. So I worked out we
didn't actually need an instance of the policy, but instead, just make
sure it's class is loaded along with other important classes, before the
security manager is in force. I've also handed off the logging in the
policy to an executor...
So I've removed the instantation of policy provider from our security
manager's constructor.
I've actually got a permission check in the constructor of the security
manager, if the AccessControlContext is privileged or if an
AccessControlContext containing ProtectionDomains are privileged, the
policy is never consulted. And so, the policy is not consulted or
instantiated during the security managers construction as you can see below.
I have a new problem:
To state it simply, if you have a custom SecurityManager, you cannot use
the built in sun.security.provider.PolicyFile because the class
RBClassLoader cannot be initialized, due to a NullPointerException in
it's static initializer:
[java] Caused by: java.lang.NullPointerException
[java] at
java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
Which is just a null pointer dereference in RBClassLoaders static
initializer block:
static {
// Find the extension class loader.
ClassLoader ld = ClassLoader.getSystemClassLoader();
ClassLoader parent;
while ((parent = ld.getParent()) != null) {
ld = parent;
}
loader = ld;
}
It should be:
static {
// Find the extension class loader.
ClassLoader ld = ClassLoader.getSystemClassLoader();
ClassLoader parent;
while (ld != null) {
parent = ld.getParent();
if (parent == null) break;
ld = parent;
}
loader = ld;
}
[java] Error occurred during initialization of VM
[java] java.lang.ExceptionInInitializerError
[java] at
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
[java] at
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
[java] at
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
[java] at
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
[java] at
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
[java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
[java] at
java.security.ProtectionDomain.implies(ProtectionDomain.java:285)
[java] at java.lang.System$1.run(System.java:316)
[java] Unexpected exception:
[java] java.io.IOException: The pipe is being closed
[java] at java.io.FileOutputStream.writeBytes(Native Method)
[java] at
java.io.FileOutputStream.write(FileOutputStream.java:326)
[java] at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
[java] at
java.io.BufferedOutputStream.write(BufferedOutputStream.java:126)
[java] at
java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
[java] at
java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
[java] at
java.io.ObjectOutputStream.writeNonProxyDesc(ObjectOutputStream.java:1286)
[java] at
java.io.ObjectOutputStream.writeClassDesc(ObjectOutputStream.java:1231)
[java] at
java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1427)
[java] at
java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
[java] at
java.io.ObjectOutputStream.writeFatalException(ObjectOutputStream.java:1577)
[java] at
java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:351)
[java] at
org.apache.river.qa.harness.MasterHarness.runTestOtherVM(MasterHarness.java:883)
[java] at
org.apache.river.qa.harness.MasterHarness.access$200(MasterHarness.java:122)
[java] at
org.apache.river.qa.harness.MasterHarness$TestRunner.run(MasterHarness.java:616)
[java] at
org.apache.river.qa.harness.MasterHarness.runTests(MasterHarness.java:443)
[java] at
org.apache.river.qa.harness.QARunner.main(QARunner.java:67)
[java]
[java] TIME: 5:52:12 PM
[java]
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at java.lang.System.setSecurityManager0(System.java:313)
[java] at java.lang.System.setSecurityManager(System.java:291)
[java] at sun.misc.Launcher.<init>(Launcher.java:101)
[java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
[java] at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
[java] Caused by: java.lang.NullPointerException
[java] at
java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
[java] at
java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
[java] at
java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
[java] at
sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
[java] at
sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:626)
[java] at
sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
[java] at
sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
[java] at
sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
[java] at
sun.security.provider.PolicyFile.init(PolicyFile.java:439)
[java] at
sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
[java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
[java] at
java.security.ProtectionDomain.implies(ProtectionDomain.java:285)
[java] at java.lang.System$1.run(System.java:316)
[java] at java.security.AccessController.doPrivileged(Native
Method)
[java] at java.lang.System.setSecurityManager0(System.java:313)
[java] at java.lang.System.setSecurityManager(System.java:291)
[java] at sun.misc.Launcher.<init>(Launcher.java:101)
[java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at
java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
[java] at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
In an earlier version of Java 1.8 RBClassLoader looked like this (it
checked for null, so no NPE):
/**
* A wrapper of ClassLoader.getSystemClassLoader().
*/
private static class RBClassLoader extends ClassLoader {
private static final RBClassLoader INSTANCE =
AccessController.doPrivileged(
new PrivilegedAction<RBClassLoader>() {
public RBClassLoader run() {
return new RBClassLoader();
}
});
private static final ClassLoader loader =
ClassLoader.getSystemClassLoader();
private RBClassLoader() {
}
public Class<?> loadClass(String name) throws
ClassNotFoundException {
if (loader != null) {
return loader.loadClass(name);
}
return Class.forName(name);
}
public URL getResource(String name) {
if (loader != null) {
return loader.getResource(name);
}
return ClassLoader.getSystemResource(name);
}
public InputStream getResourceAsStream(String name) {
if (loader != null) {
return loader.getResourceAsStream(name);
}
return ClassLoader.getSystemResourceAsStream(name);
}
}
In 1.8.0_162 it looks like this, see the null pointer dereference in the
static initializer?:
/**
* A wrapper of Extension Class Loader
*/
private static class RBClassLoader extends ClassLoader {
private static final RBClassLoader INSTANCE =
AccessController.doPrivileged(
new PrivilegedAction<RBClassLoader>() {
public RBClassLoader run() {
return new RBClassLoader();
}
});
private static final ClassLoader loader;
static {
// Find the extension class loader.
ClassLoader ld = ClassLoader.getSystemClassLoader();
ClassLoader parent;
while ((parent = ld.getParent()) != null) {
ld = parent;
}
loader = ld;
}
private RBClassLoader() {
}
public Class<?> loadClass(String name) throws
ClassNotFoundException {
if (loader != null) {
return loader.loadClass(name);
}
return Class.forName(name);
}
public URL getResource(String name) {
if (loader != null) {
return loader.getResource(name);
}
return ClassLoader.getSystemResource(name);
}
public InputStream getResourceAsStream(String name) {
if (loader != null) {
return loader.getResourceAsStream(name);
}
return ClassLoader.getSystemResourceAsStream(name);
}
}
Cheers,
Peter.
On 28/03/2018 2:20 PM, Peter wrote:
> It would be more correct to say, it wasn't noticed until recently.
>
> The logger was recently added to our policy implementation as a todo
> item, previously it went to System.out.err.
>
> The logger in our security manager, while a static field, has this
> comment:
>
> /**
> * Logger is lazily loaded, the SecurityManager can be loaded
> prior to
> * the system ClassLoader, attempting to load a Logger will cause a
> * NullPointerException, when calling
> ClassLoader.getSystemClassLoader(),
> * in order to load the logger class.
>
> Unfortunately we can't have the same lazy loading for the policy
> provider as all logging is related to parsing policy file syntax
> errors, all done prior to construction of the policy.
>
> We could remove the Logger from the policy, but that makes tracking
> down policy syntax errors a problem usually after a period of running,
> rather than during start up.
>
> We also need to ensure all classes the SecurityManager will cause to
> be loaded are loaded prior to the security manager constructor
> completing.
>
> For example:
>
> /* The following ensures the classes we need are loaded early to avoid
> * class loading deadlock */
> checkPermission(new RuntimePermission("setIO"), SMPrivilegedContext);
>
> It seems the best advise is to simply avoid using
> -Djava.security.manager in our case.
>
> Cheers,
>
> Peter.
>
>
> On 28/03/2018 11:50 AM, Peter wrote:
>> Thanks Daniel,
>>
>> Ah yes, I see what's happening and why this only occurs when using
>> -Djava.security.manager=
>>
>> sun.misc.Launcher calls the security manager constructor from within
>> its constructor, which creates a recursive call back to the static
>> method Launcher.getLauncher(), which returns the uninitialized static
>> launcher field.
>>
>> CombinerSecurityManager checks during construction that the policy
>> has been instantiated and it also instantiates a Logger. It could
>> safely lose the logger, but the policy must be fully instantiated
>> before the security manager is in force, otherwise it creates
>> recursive calls in the security manager implementation.
>>
>> The simplest fix would be to move the instantiation of
>> SecurityManager to a static initializer in Launcher that occurs
>> after the construction of Launcher and setting of the static launcher
>> field.
>>
>> This didn't become a problem until recently upgrading to the latest
>> Java 8 JDK, so not sure of the history here.
>>
>> Regards Peter.
>>
>> More comments inline below:
>>
>>> Hi,
>>>
>>> On 27/03/2018 14:06, Alan Bateman wrote:
>>> >/ Moving this to security-dev.
>>> />/
>>> />/ From the stack trace, it looks like you are using JDK 8 or
>>> older. There
>>> />/ are several changes in JDK 9 and newer in the PolicyFile code
>>> to how it
>>> />/ loads its resources that may help with the issues you are seeing.
>>> />/
>>> />/ -Alan
>>> /
>>> [snip]
>>>
>>> >/ [java] at java.util.logging.Logger.log(Logger.java:788)
>>> />/ [java] at
>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
>>> /
>>> In what logging is concerned, it's probably not a good idea to
>>> use java.util.logging in a Policy/SecurityManager implementation
>>> supplied on the command line as java.util.logging uses
>>> doPrivileged and checks for permissions.
>>
>> Work arounds for that problem:
>>
>> * Delegate logging to an executor.
>> * Use a thread local variable to detect trusted recursive calls.
>> * Only log messages during startup, when the policy or security
>> manager isn't active.
>>
>>
>>> For the record the line that throws in the first stack trace
>>> seems to be this one at LogManager.java:965
>>>
>>> Class<?> clz =
>>> ClassLoader.getSystemClassLoader().loadClass(word);
>>>
>>> The exception is caught and printed on System.err at line 981
>>> allowing the caller to proceed - so it's not what is
>>> causing the ExceptionInInitializerError, but it shows that
>>> ClassLoader.getSystemClassLoader() is probably returning null
>>> at this point, and it looks like it is the same issue you're
>>> seeing at ResourceBundle.java:502 later on, which prevents the
>>> CombinerSecurityManager to initialize.
>>>
>>>
>>> Hopes this helps,
>>>
>>> -- daniel
>>>
>>>
>>> >/
>>> />/ On 27/03/2018 13:56, Peter Firmstone wrote:
>>> />>/ Not sure if this is the right place to mention this.
>>> />>/
>>> />>/ Anyone notice that specifying a custom security manager at jvm
>>> start
>>> />>/ up causes issues with service providers loading? If using
>>> the sun
>>> />>/ PolicyFile implementation, the policy doesn't load due to the
>>> provider
>>> />>/ failure, I have a custom policy implementation that will allow
>>> the jvm
>>> />>/ to run in this state, and other providers are also not
>>> loading, such
>>> />>/ as the logger and JCE.
>>> />>/
>>> />>/ Note that it doesn't occur if the security manager is set
>>> />>/ programmatically in the main method at start up, only if it's
>>> set via
>>> />>/ command line option.
>>> />>/
>>> />>/ Examples of providers not loading:
>>> />>/
>>> />>/ [java] java.lang.NullPointerException
>>> />>/ [java] Can't load log handler
>>> "java.util.logging.ConsoleHandler"
>>> />>/ [java] java.lang.NullPointerException
>>> />>/ [java] java.lang.NullPointerException
>>> />>/ [java] at
>>> />>/ java.util.logging.LogManager$5.run(LogManager.java:965)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/
>>> java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
>>> />>/ [java] at
>>> />>/
>>> java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
>>> />>/
>>> />>/ [java] at
>>> />>/ java.util.logging.LogManager.access$1500(LogManager.java:145)
>>> />>/ [java] at
>>> />>/
>>> java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
>>> />>/
>>> />>/ [java] at
>>> java.util.logging.Logger.getHandlers(Logger.java:1777)
>>> />>/ [java] at java.util.logging.Logger.log(Logger.java:735)
>>> />>/ [java] at
>>> java.util.logging.Logger.doLog(Logger.java:765)
>>> />>/ [java] at java.util.logging.Logger.log(Logger.java:788)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
>>> />>/
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
>>> />>/
>>> />>/ [java] at
>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>> Method)
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>> />>/
>>> />>/ [java] at
>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>> />>/ [java] at
>>> />>/
>>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>> />>/ [java] at
>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>> />>/
>>> />>/
>>> />>/ [java] Error occurred during initialization of VM
>>> />>/ [java] java.lang.ExceptionInInitializerError
>>> />>/ [java] at
>>> />>/ java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>>> />>/ [java] at
>>> />>/ java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>>> />>/ [java] at
>>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>>> />>/ [java] at
>>> java.security.Policy.getPolicy(Policy.java:154)
>>> />>/ [java] at
>>> net.jini.security.Security$7.run(Security.java:1054)
>>> />>/ [java] at
>>> net.jini.security.Security$7.run(Security.java:1052)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/ net.jini.security.Security.getPolicy(Security.java:1052)
>>> />>/ [java] at
>>> />>/ net.jini.security.Security.getContext(Security.java:506)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>>> />>/
>>> />>/ [java] at
>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>> Method)
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>> />>/
>>> />>/ [java] at
>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>> />>/ [java] at
>>> />>/
>>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>> />>/ [java] at
>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>> />>/ [java] Caused by: java.lang.NullPointerException
>>> />>/ [java] at
>>> />>/
>>> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
>>> />>/ [java] at
>>> />>/ java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>>> />>/ [java] at
>>> />>/ java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/ sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>>> />>/ [java] at
>>> />>/
>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>>> />>/ [java] at
>>> />>/ sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>>> />>/ [java] at
>>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>>> />>/ [java] at
>>> java.security.Policy.getPolicy(Policy.java:154)
>>> />>/ [java] at
>>> net.jini.security.Security$7.run(Security.java:1054)
>>> />>/ [java] at
>>> net.jini.security.Security$7.run(Security.java:1052)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/ net.jini.security.Security.getPolicy(Security.java:1052)
>>> />>/ [java] at
>>> />>/ net.jini.security.Security.getContext(Security.java:506)
>>> />>/ [java] Unexpected exception:
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>>> />>/
>>> />>/ [java] at
>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>> Method)
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>> />>/
>>> />>/ [java] at
>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>> />>/ [java] at
>>> />>/
>>> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>> />>/ [java] at
>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>> />>/
>>> />>/
>>> />>/
>>> />>/ [java] java.lang.ExceptionInInitializerError
>>> />>/ [java] at
>>> />>/
>>> javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
>>> />>/ [java] at
>>> />>/ javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
>>> />>/ [java] at
>>> />>/ javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
>>> />>/ [java] at
>>> />>/
>>> sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
>>> />>/ [java] at
>>> />>/
>>> sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
>>> />>/ [java] at
>>> />>/ sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
>>> />>/ [java] at
>>> />>/
>>> sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
>>> />>/ [java] at
>>> />>/
>>> sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
>>> />>/
>>> />>/ [java] at java.lang.Class.forName0(Native Method)
>>> />>/ [java] at java.lang.Class.forName(Class.java:264)
>>> />>/ [java] at
>>> />>/ java.security.Provider$Service.getImplClass(Provider.java:1634)
>>> />>/ [java] at
>>> />>/ java.security.Provider$Service.newInstance(Provider.java:1592)
>>> />>/ [java] at
>>> />>/ sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
>>> />>/ [java] at
>>> />>/ sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
>>> />>/ [java] at
>>> />>/ javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
>>>
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
>>> />>/ [java] at
>>> />>/ net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
>>> />>/
>>> />>/ [java] at
>>> com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
>>> />>/
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
>>> />>/ [java] at
>>> />>/ org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> />>/ javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
>>> />>/ [java] at
>>> />>/
>>> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
>>> />>/
>>> />>/ [java] at
>>> />>/ org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
>>> />>/ [java] Caused by: java.lang.SecurityException: Can not
>>> initialize
>>> />>/ cryptographic mechanism
>>> />>/ [java] at
>>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
>>> />>/ [java] ... 44 more
>>> />>/ [java] Caused by: java.lang.SecurityException: Cannot
>>> locate
>>> />>/ policy or framework files!
>>> />>/ [java] at
>>> />>/
>>> javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
>>>
>>> />>/ [java] at
>>> />>/ javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
>>> />>/ [java] at
>>> javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
>>> />>/ [java] at
>>> java.security.AccessController.doPrivileged(Native
>>> />>/ Method)
>>> />>/ [java] at
>>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
>>> />/
>>> /
>>
>
>
More information about the security-dev
mailing list