On May 25, 2007, at 12:37 AM, Pierre Parrend wrote:
Hello,
thanks for the tip, to tell the Classes to use the right policy
reader is usefull. However, I now get a ugly NullPointerException
in policy reading, it seems that the given reader has problem
reading the name of the ProtectionDomain:
Hmm, no, this looks more like a problem with recursive permission
checks; that is, something needs to have a permission checked while
it's checking a permission. It also looks like Classpath will
eventually deny the permission your code is requesting.
This is a little odd, because it looks like Classpath internal code
is being denied a permission. That's wrong; library code should be
able to do what it pleases.
This feels like a regression. What version of Classpath and jamvm are
you using?
Thanks.
java.lang.ExceptionInInitializerError
at gnu.java.security.x509.X509Certificate.toString
(X509Certificate.java:455)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.CodeSource.toString(CodeSource.java:269)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.ProtectionDomain.toString(ProtectionDomain.java:
212)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:157)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission
(SecurityManager.java:356)
at java.lang.SecurityManager.checkPropertyAccess
(SecurityManager.java:820)
at java.lang.System.getProperty(System.java:397)
at org.apache.felix.main.Main.<clinit>(Main.java:66)
Caused by: java.lang.NullPointerException
at java.io.PrintWriter.println(PrintWriter.java:395)
at java.io.PrintWriter.println(PrintWriter.java:523)
at gnu.java.security.x509.X509Certificate.toString
(X509Certificate.java:456)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.CodeSource.toString(CodeSource.java:269)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.ProtectionDomain.toString(ProtectionDomain.java:
212)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:157)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission
(SecurityManager.java:356)
at java.lang.SecurityManager.checkPropertyAccess
(SecurityManager.java:820)
at java.lang.System.getProperty(System.java:418)
at java.io.PrintWriter.<clinit>(PrintWriter.java:381)
at gnu.java.security.x509.X509Certificate.toString
(X509Certificate.java:455)
Quoting Casey Marshall <[EMAIL PROTECTED]>:
On May 24, 2007, at 1:58 PM, Pierre Parrend wrote:
Hello,
for instance, I have the following command:
jamvm -Djava.security.manager -Djava.security.policy=conf/
java.policy -cp
bin/felix.jar: org.apache.felix.main.Main
(jamvm uses the Gnu classpath, with default configuration)
with following conf/java.policy file:
grant codeBase "/code/osgi-projects/sfelix/sfelix0.2.2/main/-" {
permission java.io.FilePermission "/home/pierre/.felix/
testSF", "read";
permission java.lang.RuntimePermission "exitVM";
};
which gives me following error:
Error creating bundle cache:
permission (java.io.FilePermission /home/pierre/.felix/testSF
read) not granted:
no protection domains
Could not create framework: java.security.AccessControlException:
permission
(java.lang.RuntimePermission exitVM ) not granted: no protection
domains
java.security.AccessControlException: permission
(java.lang.RuntimePermission
exitVM ) not granted: no protection domains
at
java.security.AccessControlContext.checkPermission
(AccessControlContext.java:149)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission
(SecurityManager.java:356)
at java.lang.SecurityManager.checkExit(SecurityManager.java:475)
at java.lang.Runtime.exit(Runtime.java:171)
at java.lang.System.exit(System.java:506)
at
org.apache.felix.framework.util.SecureAction$Actions.run
(SecureAction.java:843)
at java.security.AccessController.doPrivileged
(AccessController.java:195)
at org.apache.felix.framework.util.SecureAction.exit
(SecureAction.java:624)
at org.apache.felix.framework.Felix.start(Felix.java:276)
at org.apache.felix.main.Main.main(Main.java:208)
(executed platform is the Felix OSGi implementation, which work
well without the
security set)
One problem here is that Classpath still unfortunately uses a bogus
DefaultPolicy class for its policy, not the one that reads policy
files. You can force using the policy file reader by adding the
option:
-Dpolicy.provider=gnu.java.security.PolicyFile
...I don't know why the default policy would reject the permission
checks, though, since (AFAIK) the default policy grants
AllPermission.
