<AWT Dev> Reviewer needed - fix for regression test java/awt/Insets/WindowWithWarningTest/WindowWithWarningTest

Dr Andrew John Hughes ahughes at redhat.com
Thu Dec 2 10:26:40 PST 2010


On 19:28 Wed 01 Dec     , Anthony Petrov wrote:
> On 12/1/2010 6:37 PM, Pavel Tisnovsky wrote:

snip...

> By default there isn't any security policy present, and as such the 
> default implementation of the SecurityManager permits everything. We 
> override the checkTopLevelWindow() specifically to make AWT think 
> there's no toplevelwindow permission present. However, all the rest of 
> the permissions (including the AWT robot one) must be granted.
> 
> If that is not the case, I believe your testing environment picks up 
> some customized security policy which disallows everything by default. 
> Could you verify that please?
> 

I may be missing something here but I believe the default SecurityManager
only permits things allowed by jre/lib/security/java.policy.

Specifically, if I run a simple Java class:

import java.awt.AWTPermission;

public class TestSecurity
{
  public static void main(String[] args)
  {
    System.out.println(System.getSecurityManager());
    System.setSecurityManager(new SecurityManager());
    System.out.println(System.getSecurityManager());
    System.getSecurityManager().checkPermission(new AWTPermission("createRobot"));
  }
}

This runs as follows:

$ java TestSecurity
null
java.lang.SecurityManager@41d5550d
Exception in thread "main" java.security.AccessControlException: access denied (java.awt.AWTPermission createRobot)
	  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
	  at java.security.AccessController.checkPermission(AccessController.java:553)
	  at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	  at TestSecurity.main(TestSecurity.java:10)

whereas if I adjust the Policy:

import java.awt.AWTPermission;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class TestSecurity
{
  public static void main(String[] args)
  {
    System.out.println(System.getSecurityManager());
    Policy.setPolicy(new Policy()
      {
        // Grant AWTPermission("createRobot"); defer everything else
        // to the superclass.
        public boolean implies(ProtectionDomain d, Permission p)
        {
          if (p instanceof AWTPermission &&
              p.getName().equals("createRobot"))
            return true;
          return super.implies(d,p);
        }
      });
    System.setSecurityManager(new SecurityManager());
    System.out.println(System.getSecurityManager());
    System.getSecurityManager().checkPermission(new AWTPermission("createRobot"));
  }

}

$ java TestSecurity
null
java.lang.SecurityManager@a422ede

By default, there is no SecurityManager (getSecurityManager returns null) and thus
everything is permitted.  Once the default instance is installed, you're subject
to java.policy.

The above results are nothing to do with jtreg as the above examples
are all just run with a standard 'java' invocation.

> --
> best regards,
> Anthony

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
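
Added example (not part of the original message or of the test under review): a SecurityManager that refuses only the warning-banner permission and grants everything else itself, so the outcome does not depend on java.policy. The class names, the permission name "showWindowWithoutWarningBanner" and the choice to override checkPermission() are assumptions of this sketch; it needs a JDK on which System.setSecurityManager() is still supported.

```java
import java.awt.AWTPermission;
import java.security.Permission;

public class DenyOnePermission
{
  // Hypothetical test-only manager: denies one named AWTPermission and
  // grants everything else without consulting the installed Policy.
  static class TestManager extends SecurityManager
  {
    static final String DENIED = "showWindowWithoutWarningBanner";

    @Override
    public void checkPermission(Permission p)
    {
      if (p instanceof AWTPermission && DENIED.equals(p.getName()))
        throw new SecurityException("denied for test: " + p);
      // No call to super.checkPermission(): nothing is delegated to
      // AccessController, so java.policy is never asked.
    }

    @Override
    public void checkPermission(Permission p, Object context)
    {
      checkPermission(p);
    }
  }

  // Returns true if the installed manager allows p, false if it refuses.
  static boolean allowed(Permission p)
  {
    try {
      System.getSecurityManager().checkPermission(p);
      return true;
    } catch (SecurityException e) {
      return false;
    }
  }

  public static void main(String[] args)
  {
    System.setSecurityManager(new TestManager());
    System.out.println("createRobot: " + allowed(new AWTPermission("createRobot")));
    System.out.println(TestManager.DENIED + ": " + allowed(new AWTPermission(TestManager.DENIED)));
    System.out.println("setIO: " + allowed(new RuntimePermission("setIO")));
  }
}
```

A manager like this grants every permission but one, so it belongs only inside a test harness.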


