-Djava.security.manager=problems for service provider
Sean Mullan
sean.mullan at oracle.com
Thu Mar 29 17:30:15 UTC 2018
Copying Naoto.
Naoto, the regression mentioned below that is causing the NPE looks to
be caused by changes to java.util.ResourceBundle in
https://bugs.openjdk.java.net/browse/JDK-8182601
Can you take a look and file a bug, if so?
Thanks,
Sean
On 3/29/18 4:53 AM, Peter wrote:
> Hello Java security people!
>
> It turns out we needed the -Djava.security.manager= option at startup
> after all...
>
> According to our SecurityManager implementation notes, the reason it
> instantiated the policy, was to ensure that the JVM had loaded all
> necessary classes, to prevent recursive errors. So I worked out we
> didn't actually need an instance of the policy, but instead, just make
> sure it's class is loaded along with other important classes, before the
> security manager is in force. I've also handed off the logging in the
> policy to an executor...
>
> So I've removed the instantation of policy provider from our security
> manager's constructor.
>
> I've actually got a permission check in the constructor of the security
> manager, if the AccessControlContext is privileged or if an
> AccessControlContext containing ProtectionDomains are privileged, the
> policy is never consulted. And so, the policy is not consulted or
> instantiated during the security managers construction as you can see
> below.
>
> I have a new problem:
>
> To state it simply, if you have a custom SecurityManager, you cannot use
> the built in sun.security.provider.PolicyFile because the class
> RBClassLoader cannot be initialized, due to a NullPointerException in
> it's static initializer:
>
> [java] Caused by: java.lang.NullPointerException
> [java] at
> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
>
> Which is just a null pointer dereference in RBClassLoaders static
> initializer block:
>
> static {
> // Find the extension class loader.
> ClassLoader ld = ClassLoader.getSystemClassLoader();
> ClassLoader parent;
> while ((parent = ld.getParent()) != null) {
> ld = parent;
> }
> loader = ld;
> }
>
> It should be:
>
> static {
> // Find the extension class loader.
> ClassLoader ld = ClassLoader.getSystemClassLoader();
> ClassLoader parent;
> while (ld != null) {
> parent = ld.getParent();
> if (parent == null) break;
> ld = parent;
> }
> loader = ld;
> }
>
> [java] Error occurred during initialization of VM
> [java] java.lang.ExceptionInInitializerError
> [java] at
> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
> [java] at
> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
> [java] at
> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
> [java] at
> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
> [java] at
> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
> [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
> [java] at
> java.security.ProtectionDomain.implies(ProtectionDomain.java:285)
> [java] at java.lang.System$1.run(System.java:316)
> [java] Unexpected exception:
> [java] java.io.IOException: The pipe is being closed
> [java] at java.io.FileOutputStream.writeBytes(Native Method)
> [java] at
> java.io.FileOutputStream.write(FileOutputStream.java:326)
> [java] at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
> [java] at
> java.io.BufferedOutputStream.write(BufferedOutputStream.java:126)
> [java] at
> java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
>
> [java] at
> java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
>
> [java] at
> java.io.ObjectOutputStream.writeNonProxyDesc(ObjectOutputStream.java:1286)
> [java] at
> java.io.ObjectOutputStream.writeClassDesc(ObjectOutputStream.java:1231)
> [java] at
> java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1427)
>
> [java] at
> java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
> [java] at
> java.io.ObjectOutputStream.writeFatalException(ObjectOutputStream.java:1577)
>
> [java] at
> java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:351)
> [java] at
> org.apache.river.qa.harness.MasterHarness.runTestOtherVM(MasterHarness.java:883)
>
> [java] at
> org.apache.river.qa.harness.MasterHarness.access$200(MasterHarness.java:122)
>
> [java] at
> org.apache.river.qa.harness.MasterHarness$TestRunner.run(MasterHarness.java:616)
>
> [java] at
> org.apache.river.qa.harness.MasterHarness.runTests(MasterHarness.java:443)
> [java] at
> org.apache.river.qa.harness.QARunner.main(QARunner.java:67)
> [java]
> [java] TIME: 5:52:12 PM
> [java]
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at java.lang.System.setSecurityManager0(System.java:313)
> [java] at java.lang.System.setSecurityManager(System.java:291)
> [java] at sun.misc.Launcher.<init>(Launcher.java:101)
> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
> [java] at
> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
> [java] at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
> [java] Caused by: java.lang.NullPointerException
> [java] at
> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
> [java] at
> java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
> [java] at
> java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
> [java] at
> sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
> [java] at
> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:626)
> [java] at
> sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
> [java] at
> sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
> [java] at
> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
> [java] at
> sun.security.provider.PolicyFile.init(PolicyFile.java:439)
> [java] at
> sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
> [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196)
> [java] at
> java.security.ProtectionDomain.implies(ProtectionDomain.java:285)
> [java] at java.lang.System$1.run(System.java:316)
> [java] at java.security.AccessController.doPrivileged(Native
> Method)
> [java] at java.lang.System.setSecurityManager0(System.java:313)
> [java] at java.lang.System.setSecurityManager(System.java:291)
> [java] at sun.misc.Launcher.<init>(Launcher.java:101)
> [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
> [java] at
> java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
> [java] at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>
>
> In an earlier version of Java 1.8 RBClassLoader looked like this (it
> checked for null, so no NPE):
>
> /**
> * A wrapper of ClassLoader.getSystemClassLoader().
> */
> private static class RBClassLoader extends ClassLoader {
> private static final RBClassLoader INSTANCE =
> AccessController.doPrivileged(
> new PrivilegedAction<RBClassLoader>() {
> public RBClassLoader run() {
> return new RBClassLoader();
> }
> });
> private static final ClassLoader loader =
> ClassLoader.getSystemClassLoader();
>
> private RBClassLoader() {
> }
> public Class<?> loadClass(String name) throws
> ClassNotFoundException {
> if (loader != null) {
> return loader.loadClass(name);
> }
> return Class.forName(name);
> }
> public URL getResource(String name) {
> if (loader != null) {
> return loader.getResource(name);
> }
> return ClassLoader.getSystemResource(name);
> }
> public InputStream getResourceAsStream(String name) {
> if (loader != null) {
> return loader.getResourceAsStream(name);
> }
> return ClassLoader.getSystemResourceAsStream(name);
> }
> }
>
> In 1.8.0_162 it looks like this, see the null pointer dereference in the
> static initializer?:
>
> /**
> * A wrapper of Extension Class Loader
> */
> private static class RBClassLoader extends ClassLoader {
> private static final RBClassLoader INSTANCE =
> AccessController.doPrivileged(
> new PrivilegedAction<RBClassLoader>() {
> public RBClassLoader run() {
> return new RBClassLoader();
> }
> });
> private static final ClassLoader loader;
> static {
> // Find the extension class loader.
> ClassLoader ld = ClassLoader.getSystemClassLoader();
> ClassLoader parent;
> while ((parent = ld.getParent()) != null) {
> ld = parent;
> }
> loader = ld;
> }
>
> private RBClassLoader() {
> }
> public Class<?> loadClass(String name) throws
> ClassNotFoundException {
> if (loader != null) {
> return loader.loadClass(name);
> }
> return Class.forName(name);
> }
> public URL getResource(String name) {
> if (loader != null) {
> return loader.getResource(name);
> }
> return ClassLoader.getSystemResource(name);
> }
> public InputStream getResourceAsStream(String name) {
> if (loader != null) {
> return loader.getResourceAsStream(name);
> }
> return ClassLoader.getSystemResourceAsStream(name);
> }
> }
>
> Cheers,
>
> Peter.
>
> On 28/03/2018 2:20 PM, Peter wrote:
>> It would be more correct to say, it wasn't noticed until recently.
>>
>> The logger was recently added to our policy implementation as a todo
>> item, previously it went to System.out.err.
>>
>> The logger in our security manager, while a static field, has this
>> comment:
>>
>> /**
>> * Logger is lazily loaded, the SecurityManager can be loaded
>> prior to
>> * the system ClassLoader, attempting to load a Logger will cause a
>> * NullPointerException, when calling
>> ClassLoader.getSystemClassLoader(),
>> * in order to load the logger class.
>>
>> Unfortunately we can't have the same lazy loading for the policy
>> provider as all logging is related to parsing policy file syntax
>> errors, all done prior to construction of the policy.
>>
>> We could remove the Logger from the policy, but that makes tracking
>> down policy syntax errors a problem usually after a period of running,
>> rather than during start up.
>>
>> We also need to ensure all classes the SecurityManager will cause to
>> be loaded are loaded prior to the security manager constructor
>> completing.
>>
>> For example:
>>
>> /* The following ensures the classes we need are loaded early to avoid
>> * class loading deadlock */
>> checkPermission(new RuntimePermission("setIO"), SMPrivilegedContext);
>>
>> It seems the best advise is to simply avoid using
>> -Djava.security.manager in our case.
>>
>> Cheers,
>>
>> Peter.
>>
>>
>> On 28/03/2018 11:50 AM, Peter wrote:
>>> Thanks Daniel,
>>>
>>> Ah yes, I see what's happening and why this only occurs when using
>>> -Djava.security.manager=
>>>
>>> sun.misc.Launcher calls the security manager constructor from within
>>> its constructor, which creates a recursive call back to the static
>>> method Launcher.getLauncher(), which returns the uninitialized static
>>> launcher field.
>>>
>>> CombinerSecurityManager checks during construction that the policy
>>> has been instantiated and it also instantiates a Logger. It could
>>> safely lose the logger, but the policy must be fully instantiated
>>> before the security manager is in force, otherwise it creates
>>> recursive calls in the security manager implementation.
>>>
>>> The simplest fix would be to move the instantiation of
>>> SecurityManager to a static initializer in Launcher that occurs
>>> after the construction of Launcher and setting of the static launcher
>>> field.
>>>
>>> This didn't become a problem until recently upgrading to the latest
>>> Java 8 JDK, so not sure of the history here.
>>>
>>> Regards Peter.
>>>
>>> More comments inline below:
>>>
>>>> Hi,
>>>>
>>>> On 27/03/2018 14:06, Alan Bateman wrote:
>>>> >/ Moving this to security-dev.
>>>> />/
>>>> />/ From the stack trace, it looks like you are using JDK 8 or
>>>> older. There
>>>> />/ are several changes in JDK 9 and newer in the PolicyFile code
>>>> to how it
>>>> />/ loads its resources that may help with the issues you are seeing.
>>>> />/
>>>> />/ -Alan
>>>> /
>>>> [snip]
>>>>
>>>> >/ [java] at java.util.logging.Logger.log(Logger.java:788)
>>>> />/ [java] at
>>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
>>>>
>>>> /
>>>> In what logging is concerned, it's probably not a good idea to
>>>> use java.util.logging in a Policy/SecurityManager implementation
>>>> supplied on the command line as java.util.logging uses
>>>> doPrivileged and checks for permissions.
>>>
>>> Work arounds for that problem:
>>>
>>> * Delegate logging to an executor.
>>> * Use a thread local variable to detect trusted recursive calls.
>>> * Only log messages during startup, when the policy or security
>>> manager isn't active.
>>>
>>>
>>>> For the record the line that throws in the first stack trace
>>>> seems to be this one at LogManager.java:965
>>>>
>>>> Class<?> clz =
>>>> ClassLoader.getSystemClassLoader().loadClass(word);
>>>>
>>>> The exception is caught and printed on System.err at line 981
>>>> allowing the caller to proceed - so it's not what is
>>>> causing the ExceptionInInitializerError, but it shows that
>>>> ClassLoader.getSystemClassLoader() is probably returning null
>>>> at this point, and it looks like it is the same issue you're
>>>> seeing at ResourceBundle.java:502 later on, which prevents the
>>>> CombinerSecurityManager to initialize.
>>>>
>>>>
>>>> Hopes this helps,
>>>>
>>>> -- daniel
>>>>
>>>>
>>>> >/
>>>> />/ On 27/03/2018 13:56, Peter Firmstone wrote:
>>>> />>/ Not sure if this is the right place to mention this.
>>>> />>/
>>>> />>/ Anyone notice that specifying a custom security manager at jvm
>>>> start
>>>> />>/ up causes issues with service providers loading? If using
>>>> the sun
>>>> />>/ PolicyFile implementation, the policy doesn't load due to the
>>>> provider
>>>> />>/ failure, I have a custom policy implementation that will allow
>>>> the jvm
>>>> />>/ to run in this state, and other providers are also not
>>>> loading, such
>>>> />>/ as the logger and JCE.
>>>> />>/
>>>> />>/ Note that it doesn't occur if the security manager is set
>>>> />>/ programmatically in the main method at start up, only if it's
>>>> set via
>>>> />>/ command line option.
>>>> />>/
>>>> />>/ Examples of providers not loading:
>>>> />>/
>>>> />>/ [java] java.lang.NullPointerException
>>>> />>/ [java] Can't load log handler
>>>> "java.util.logging.ConsoleHandler"
>>>> />>/ [java] java.lang.NullPointerException
>>>> />>/ [java] java.lang.NullPointerException
>>>> />>/ [java] at
>>>> />>/ java.util.logging.LogManager$5.run(LogManager.java:965)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/
>>>> java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958)
>>>> />>/ [java] at
>>>> />>/
>>>> java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ java.util.logging.LogManager.access$1500(LogManager.java:145)
>>>> />>/ [java] at
>>>> />>/
>>>> java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> java.util.logging.Logger.getHandlers(Logger.java:1777)
>>>> />>/ [java] at java.util.logging.Logger.log(Logger.java:735)
>>>> />>/ [java] at
>>>> java.util.logging.Logger.doLog(Logger.java:765)
>>>> />>/ [java] at java.util.logging.Logger.log(Logger.java:788)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>> Method)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>>> />>/
>>>> />>/
>>>> />>/ [java] Error occurred during initialization of VM
>>>> />>/ [java] java.lang.ExceptionInInitializerError
>>>> />>/ [java] at
>>>> />>/ java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>>>> />>/ [java] at
>>>> />>/ java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>>>> />>/ [java] at
>>>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>>>> />>/ [java] at
>>>> java.security.Policy.getPolicy(Policy.java:154)
>>>> />>/ [java] at
>>>> net.jini.security.Security$7.run(Security.java:1054)
>>>> />>/ [java] at
>>>> net.jini.security.Security$7.run(Security.java:1052)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/ net.jini.security.Security.getPolicy(Security.java:1052)
>>>> />>/ [java] at
>>>> />>/ net.jini.security.Security.getContext(Security.java:506)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>> Method)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>>> />>/ [java] Caused by: java.lang.NullPointerException
>>>> />>/ [java] at
>>>> />>/
>>>> java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502)
>>>>
>>>> />>/ [java] at
>>>> />>/ java.util.ResourceBundle.getLoader(ResourceBundle.java:482)
>>>> />>/ [java] at
>>>> />>/ java.util.ResourceBundle.getBundle(ResourceBundle.java:783)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/ sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:626)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.access$400(PolicyFile.java:258)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:521)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile$3.run(PolicyFile.java:495)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.init(PolicyFile.java:439)
>>>> />>/ [java] at
>>>> />>/ sun.security.provider.PolicyFile.<init>(PolicyFile.java:297)
>>>> />>/ [java] at
>>>> java.security.Policy.getPolicyNoCheck(Policy.java:196)
>>>> />>/ [java] at
>>>> java.security.Policy.getPolicy(Policy.java:154)
>>>> />>/ [java] at
>>>> net.jini.security.Security$7.run(Security.java:1054)
>>>> />>/ [java] at
>>>> net.jini.security.Security$7.run(Security.java:1052)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/ net.jini.security.Security.getPolicy(Security.java:1052)
>>>> />>/ [java] at
>>>> />>/ net.jini.security.Security.getContext(Security.java:506)
>>>> />>/ [java] Unexpected exception:
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>> Method)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>>>> />>/ [java] at java.lang.Class.newInstance(Class.java:442)
>>>> />>/ [java] at sun.misc.Launcher.<init>(Launcher.java:93)
>>>> />>/ [java] at sun.misc.Launcher.<clinit>(Launcher.java:54)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451)
>>>> />>/ [java] at
>>>> />>/ java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436)
>>>> />>/
>>>> />>/
>>>> />>/
>>>> />>/ [java] java.lang.ExceptionInInitializerError
>>>> />>/ [java] at
>>>> />>/
>>>> javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
>>>> />>/ [java] at
>>>> />>/ javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
>>>> />>/ [java] at
>>>> />>/ javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535)
>>>>
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507)
>>>> />>/ [java] at
>>>> />>/ sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
>>>> />>/ [java] at
>>>> />>/
>>>> sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425)
>>>>
>>>> />>/
>>>> />>/ [java] at java.lang.Class.forName0(Native Method)
>>>> />>/ [java] at java.lang.Class.forName(Class.java:264)
>>>> />>/ [java] at
>>>> />>/ java.security.Provider$Service.getImplClass(Provider.java:1634)
>>>> />>/ [java] at
>>>> />>/ java.security.Provider$Service.newInstance(Provider.java:1592)
>>>> />>/ [java] at
>>>> />>/ sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
>>>> />>/ [java] at
>>>> />>/ sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
>>>> />>/ [java] at
>>>> />>/ javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712)
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284)
>>>>
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185)
>>>> />>/ [java] at
>>>> />>/ net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550)
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421)
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48)
>>>> />>/ [java] at
>>>> />>/ org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> />>/ javax.security.auth.Subject.doAsPrivileged(Subject.java:483)
>>>> />>/ [java] at
>>>> />>/
>>>> org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171)
>>>>
>>>> />>/
>>>> />>/ [java] at
>>>> />>/ org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150)
>>>> />>/ [java] Caused by: java.lang.SecurityException: Can not
>>>> initialize
>>>> />>/ cryptographic mechanism
>>>> />>/ [java] at
>>>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93)
>>>> />>/ [java] ... 44 more
>>>> />>/ [java] Caused by: java.lang.SecurityException: Cannot
>>>> locate
>>>> />>/ policy or framework files!
>>>> />>/ [java] at
>>>> />>/
>>>> javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316)
>>>>
>>>> />>/ [java] at
>>>> />>/ javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
>>>> />>/ [java] at
>>>> javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
>>>> />>/ [java] at
>>>> java.security.AccessController.doPrivileged(Native
>>>> />>/ Method)
>>>> />>/ [java] at
>>>> javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
>>>> />/
>>>> /
>>>
>>
>>
>
More information about the security-dev
mailing list