Source file launch with security manager enabled fails

Sean Mullan sean.mullan at oracle.com
Thu Feb 3 13:25:22 UTC 2022 

I only took a quick look, but it looks like a bug. The jdk.compiler 
module needs to be granted that permission in the default.policy file.

Please file a bug, or if you like I can file one on your behalf.

Thanks,
Sean

On 2/3/22 8:01 AM, Jaikiran Pai wrote:
> I'm unsure if core-libs is the right place for this or compiler-dev,
> sending this to core-libs for now.
> 
> Please consider this trivial Java source file:
> 
> public class HelloWorld {
>       public static void main(final String[] args) throws Exception {
>           System.out.println("Hello World");
>       }
> }
> 
> Running this in source file launcher mode as follows:
> 
> java HelloWorld.java
> 
> returns the expected result. However when running in source file
> launcher mode *and* with security manager enabled, it throws the
> following exception:
> 
> java -Djava.security.manager=default HelloWorld.java
> 
> WARNING: A command line option has enabled the Security Manager
> WARNING: The Security Manager is deprecated and will be removed in a
> future release
> Exception in thread "main" java.security.AccessControlException: access
> denied ("java.lang.RuntimePermission"
> "accessClassInPackage.jdk.internal.misc")
>       at
> java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
>       at
> java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
>       at
> java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
>       at
> java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
>       at
> java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
>       at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
>       at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
> 
> 
> This happens in Java 17 as well as latest master branch. I haven't
> checked older releases but I guess it's reproducible there too.
> 
> Are users expected to use an explicit policy file to add this permission
> in source file launch mode or is this missing an internal doPrivileged
> call in the JDK?
> 
> As an additional input, compiling this file first using javac and then
> launching it in traditional mode with security manager enabled works fine:
> 
> javac HelloWorld.java
> 
> java -Djava.security.manager=default HelloWorld
> WARNING: A command line option has enabled the Security Manager
> WARNING: The Security Manager is deprecated and will be removed in a
> future release
> Hello World
> 
> 
> -Jaikiran
> 
> 
>

More information about the core-libs-dev mailing list