[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13119717#comment-13119717 ] Sebb commented on LANG-744: --- No objections, so patch applied StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 Attachments: LANG-744.patch In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13112979#comment-13112979 ] Jon Stevens commented on LANG-744: -- I can confirm that the 3.0.2 snapshot fixes this. Thanks all. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 Attachments: LANG-744.patch In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13112992#comment-13112992 ] Sebb commented on LANG-744: --- Any objection to applying the patch to convert the method checks to IOD? That will remove the overhead for applications that don't use stripAccents. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 Attachments: LANG-744.patch In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13102456#comment-13102456 ] Henri Yandell commented on LANG-744: Who is the question to? [As I turn into a release manager and clearly am thinking how do I close this?] :) StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13102623#comment-13102623 ] Gary D. Gregory commented on LANG-744: -- The question is to myself or anyone willing to dig in to JAAS. It should not hold up a release. What I am wondering is this: Is it technically possible to change JAAS permissions at runtime such that the code now in the static initializer could fail and then later, pass. It might be a far fetched scenario, I am not sure, but JAAS has a some pluggable pieces. I am pointing this out because we are low level library and we should do our best not to lock out a feature if we don't have to. Our code could be changed later to move the check or in the actual method that needs it instead of the class initializer. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13102665#comment-13102665 ] Sebb commented on LANG-744: --- It might be worth changing the static init to a lazy init (IOD). This would reduce the overhead for applications that don't call stripAccents. Even if it is possible to change permissions without reloading the class, I'm not sure we check the methods each time. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13102304#comment-13102304 ] Gary D. Gregory commented on LANG-744: -- Yes, it's better. I'm not crazy about saving the exception but it's a good pragmatic solution. Q: Could a JAAS policy be changed dynamically such that the original code work normally? StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13102219#comment-13102219 ] Henri Yandell commented on LANG-744: Gary - are you +1 on Sebb's change? ie) Keep the exception, but only when stripAccents is invoked (making it the same as other examples presumably are). StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13098076#comment-13098076 ] Sebb commented on LANG-744: --- Reworked static init in r1165701. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13095211#comment-13095211 ] Sebb commented on LANG-744: --- The message will be thrown even if the sun method is not needed; that does not seem right. If the sun method is unavailable, the code that conditionally calls it throws UnsupportedOperationException: The stripAccents(CharSequence) method requires at least Java 1.6 or a Sun JVM); We could record the Exception in the static block, and add it as the cause for the UOE. It would then only appear when necessary. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13095689#comment-13095689 ] Gary D. Gregory commented on LANG-744: -- Well, I've ruminated, pondered and experimented. Running all unit tests with a security managers results in: Tests run: 2046, Failures: 2, Errors: 115, Skipped: 0 Clearly, we need a good overall solution to avoid 117 new Jiras (an exaggeration I know.) I've created a JAAS policy file to grant just enough permissions to run the unit tests in {{src/test/resource/java.policy}} The file contains instructions for using it with JAAS. What this shows is that we should either: # Run all unit tests a second time with JAAS enabled, or # Run all unit tests with JAAS enabled, always We should our solution as a pattern for other Commons component. Specifically for StringUtils, should we have a SunStringUtils? This would let you know that you are depending on com.sun code. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13095123#comment-13095123 ] Henri Yandell commented on LANG-744: I've added a similar item while Gary ruminates on this: +System.err.println(Caught a AccessControlException loading sun.text.Normalizer. + + Adjust your security manager if you want to use the stripAccents method. ); Committed as r1163906. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091661#comment-13091661 ] Henri Yandell commented on LANG-744: Much as System.out is weak; should we simply output a printStackTrace on the exception? StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091776#comment-13091776 ] Gary D. Gregory commented on LANG-744: -- That would be a minimum but I still do not like the design of {{catch (java.security.AccessControlException e)}}. If we do that it means that we should go through all [lang] (and [commons]) static initializers to possibly add this block. It is also inconsistent with methods that we do not even know may throw ACE? In one place we catch it, in others we do not. Not great. I need to think about this some more. Crazy day here... StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091797#comment-13091797 ] Stephen Colebourne commented on LANG-744: - [lang] already handles something similar in SystemUtils, line 1266 http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/main/java/org/apache/commons/lang3/SystemUtils.java?revision=1160564view=markup StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091043#comment-13091043 ] Gary D. Gregory commented on LANG-744: -- This is not a bug but the way Java Security Manager is designed to work. The patch should be reverted IMO because the exception is correct. This does not only happen with GAE, it happens anytime when running under Java's security manager ({{-Djava.security.manager}}) I do not think we should swallow the exception. In my case, I need to give proper rights to the code. In my test at work with the security manager enabled I see: {{java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text)}} Which means I need to add the following to my .policy file: {noformat} grant { // ... // Apache Commons Lang3 permission java.lang.RuntimePermission accessClassInPackage.sun.text; // ... }; {noformat} StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091062#comment-13091062 ] Clément Denis commented on LANG-744: I don't agree with that. The security manager cannot be changed in GAE, or in any other managed environment with strong security policiy. The use of a sun.* class is basically a hack, so I don't see why it should prevent me from using StringUtils in GAE. From a user point of view, it's a huge regression (I think I'm right when I say that StringUtils is one of the most widely used class in commons-lang). It would be acceptable if the method stripAccents raised a RuntimeError if no Normalizer could be found. But this bug prevents the use of the whole class. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091073#comment-13091073 ] Gary D. Gregory commented on LANG-744: -- The current exception tell you what to do for a normal set up with a security manager, clean and simple. If you do not control the security manager, then you are in a pickle. Perhaps we need some toggle. The current implementation should at least be revisited because it is wrong to set sunAvailable to false when in fact I can fix the exception as a user by editing a text file that can be passed in on the JVM CLI. If I never know that an exception was thrown, I cannot fix the problem. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis Fix For: 3.0.2 In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13089311#comment-13089311 ] Henri Yandell commented on LANG-744: No, but equally I'd like to hear when issues are found rather than hide them before hand. StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
[ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13088637#comment-13088637 ] Sebb commented on LANG-744: --- The static code should probably just catch Exception. Do we really want any RuntimeExceptions to escape into the calling code? StringUtils throws java.security.AccessControlException on Google App Engine Key: LANG-744 URL: https://issues.apache.org/jira/browse/LANG-744 Project: Commons Lang Issue Type: Bug Components: lang.* Affects Versions: 3.0.1 Environment: Google App Engine Reporter: Clément Denis In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt to load the class sun.text.Normalizer. Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException. {code} Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.Class.checkMemberAccess(Class.java:2164) at java.lang.Class.getMethod(Class.java:1602) at org.apache.commons.lang3.StringUtils.clinit(StringUtils.java:739) {code} The exception should be caught in the catch clauses around loadClass(sun.text.Normalizer). Commons lang 2 worked fine on GAE. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira