[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine

Mon, 12 Sep 2011 05:54:07 -0700 

    [ 
https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13102623#comment-13102623
 ] 

Gary D. Gregory commented on LANG-744:
--------------------------------------

The question is to myself or anyone willing to dig in to JAAS. It should not 
hold up a release.

What I am wondering is this: Is it technically possible to change JAAS 
permissions at runtime such that the code now in the static initializer could 
fail and then later, pass.

It might be a far fetched scenario, I am not sure, but JAAS has a some 
pluggable pieces.

I am pointing this out because we are low level library and we should do our 
best not to lock out a feature if we don't have to. 

Our code could be changed later to move the check or in the actual method that 
needs it instead of the class initializer.

> StringUtils throws java.security.AccessControlException on Google App Engine
> ----------------------------------------------------------------------------
>
>                 Key: LANG-744
>                 URL: https://issues.apache.org/jira/browse/LANG-744
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.0.1
>         Environment: Google App Engine
>            Reporter: Clément Denis
>             Fix For: 3.0.2
>
>
> In the static initializer of org.apache.commons.lang3.StringUtils, there is 
> an attempt to load the class sun.text.Normalizer.
> Such a class is prohibited on Google App Engine, and the static intializer 
> throws a java.security.AccessControlException.
> {code}
> Caused by: java.security.AccessControlException: access denied 
> (java.lang.RuntimePermission accessClassInPackage.sun.text)
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:546)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>       at 
> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
>       at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
>       at java.lang.Class.checkMemberAccess(Class.java:2164)
>       at java.lang.Class.getMethod(Class.java:1602)
>       at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:739)
> {code}
> The exception should be caught in the catch clauses around 
> loadClass("sun.text.Normalizer").
> Commons lang 2 worked fine on GAE.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to