Re: -Djava.security.manager=problems for service providers

Wed, 28 Mar 2018 12:39:03 -0700

I tested the JDK 9 pre releases and didn't experience issues, will have to test again against the latest. Note on JDK1.8.0_162 it doesn't only affect the PolicyFile provider. 

Thanks,

Peter.

On 27/03/2018 11:06 PM, Alan Bateman wrote:

Moving this to security-dev.
From the stack trace, it looks like you are using JDK 8 or older. There are several changes in JDK 9 and newer in the PolicyFile code to how it loads its resources that may help with the issues you are seeing. 

-Alan

On 27/03/2018 13:56, Peter Firmstone wrote:

Not sure if this is the right place to mention this.
Anyone notice that specifying a custom security manager at jvm start up causes issues with service providers loading? If using the sun PolicyFile implementation, the policy doesn't load due to the provider failure, I have a custom policy implementation that will allow the jvm to run in this state, and other providers are also not loading, such as the logger and JCE.
Note that it doesn't occur if the security manager is set programmatically in the main method at start up, only if it's set via command line option. 

Examples of providers not loading:

     [java] java.lang.NullPointerException
     [java] Can't load log handler "java.util.logging.ConsoleHandler"
     [java] java.lang.NullPointerException
     [java] java.lang.NullPointerException
[java] at java.util.logging.LogManager$5.run(LogManager.java:965) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:958) [java] at java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:1578) [java] at java.util.logging.LogManager.access$1500(LogManager.java:145) [java] at java.util.logging.LogManager$RootLogger.accessCheckedHandlers(LogManager.java:1667) [java] at java.util.logging.Logger.getHandlers(Logger.java:1777) 
     [java]     at java.util.logging.Logger.log(Logger.java:735)
     [java]     at java.util.logging.Logger.doLog(Logger.java:765)
     [java]     at java.util.logging.Logger.log(Logger.java:788)
[java] at org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:496) [java] at org.apache.river.api.security.ConcurrentPolicyFile$2.run(ConcurrentPolicyFile.java:469) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at org.apache.river.api.security.ConcurrentPolicyFile.readPoliciesNoCheckGuard(ConcurrentPolicyFile.java:468) [java] at org.apache.river.api.security.ConcurrentPolicyFile.readPolicyPermissionGrants(ConcurrentPolicyFile.java:243) [java] at org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:253) [java] at org.apache.river.api.security.ConcurrentPolicyFile.<init>(ConcurrentPolicyFile.java:226) [java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:154) [java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:133) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:162) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [java] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:423) 
     [java]     at java.lang.Class.newInstance(Class.java:442)
     [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
     [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451) [java] at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436) 


     [java] Error occurred during initialization of VM
     [java] java.lang.ExceptionInInitializerError
[java] at java.util.ResourceBundle.getLoader(ResourceBundle.java:482) [java] at java.util.ResourceBundle.getBundle(ResourceBundle.java:783) [java] at sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47) [java] at sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43) [java] at sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888) [java] at sun.security.provider.PolicyFile.init(PolicyFile.java:626) [java] at sun.security.provider.PolicyFile.access$400(PolicyFile.java:258) [java] at sun.security.provider.PolicyFile$3.run(PolicyFile.java:521) [java] at sun.security.provider.PolicyFile$3.run(PolicyFile.java:495) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495) [java] at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480) [java] at sun.security.provider.PolicyFile.init(PolicyFile.java:439) [java] at sun.security.provider.PolicyFile.<init>(PolicyFile.java:297) [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196) 
     [java]     at java.security.Policy.getPolicy(Policy.java:154)
     [java]     at net.jini.security.Security$7.run(Security.java:1054)
     [java]     at net.jini.security.Security$7.run(Security.java:1052)
[java] at java.security.AccessController.doPrivileged(Native Method) [java] at net.jini.security.Security.getPolicy(Security.java:1052) [java] at net.jini.security.Security.getContext(Security.java:506) [java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140) [java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [java] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:423) 
     [java]     at java.lang.Class.newInstance(Class.java:442)
     [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
     [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451) [java] at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436) 
     [java] Caused by: java.lang.NullPointerException
[java] at java.util.ResourceBundle$RBClassLoader.<clinit>(ResourceBundle.java:502) [java] at java.util.ResourceBundle.getLoader(ResourceBundle.java:482) [java] at java.util.ResourceBundle.getBundle(ResourceBundle.java:783) [java] at sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:47) [java] at sun.security.util.ResourcesMgr$1.run(ResourcesMgr.java:44) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at sun.security.util.ResourcesMgr.getString(ResourcesMgr.java:43) [java] at sun.security.provider.PolicyFile.addGrantEntry(PolicyFile.java:888) [java] at sun.security.provider.PolicyFile.init(PolicyFile.java:626) [java] at sun.security.provider.PolicyFile.access$400(PolicyFile.java:258) [java] at sun.security.provider.PolicyFile$3.run(PolicyFile.java:521) [java] at sun.security.provider.PolicyFile$3.run(PolicyFile.java:495) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:495) [java] at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:480) [java] at sun.security.provider.PolicyFile.init(PolicyFile.java:439) [java] at sun.security.provider.PolicyFile.<init>(PolicyFile.java:297) [java] at java.security.Policy.getPolicyNoCheck(Policy.java:196) 
     [java]     at java.security.Policy.getPolicy(Policy.java:154)
     [java]     at net.jini.security.Security$7.run(Security.java:1054)
     [java]     at net.jini.security.Security$7.run(Security.java:1052)
[java] at java.security.AccessController.doPrivileged(Native Method) [java] at net.jini.security.Security.getPolicy(Security.java:1052) [java] at net.jini.security.Security.getContext(Security.java:506) 
     [java] Unexpected exception:
[java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:140) [java] at org.apache.river.api.security.CombinerSecurityManager.<init>(CombinerSecurityManager.java:132) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:137) [java] at org.apache.river.tool.SecurityPolicyWriter.<init>(SecurityPolicyWriter.java:160) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [java] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [java] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [java] at java.lang.reflect.Constructor.newInstance(Constructor.java:423) 
     [java]     at java.lang.Class.newInstance(Class.java:442)
     [java]     at sun.misc.Launcher.<init>(Launcher.java:93)
     [java]     at sun.misc.Launcher.<clinit>(Launcher.java:54)
[java] at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1451) [java] at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1436) 



     [java] java.lang.ExceptionInInitializerError
[java] at javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65) [java] at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586) [java] at javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610) [java] at sun.security.ssl.CipherSuite$BulkCipher.isUnlimited(CipherSuite.java:535) [java] at sun.security.ssl.CipherSuite$BulkCipher.<init>(CipherSuite.java:507) [java] at sun.security.ssl.CipherSuite.<clinit>(CipherSuite.java:614) [java] at sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:294) [java] at sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42) [java] at sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:425) 
     [java]     at java.lang.Class.forName0(Native Method)
     [java]     at java.lang.Class.forName(Class.java:264)
[java] at java.security.Provider$Service.getImplClass(Provider.java:1634) [java] at java.security.Provider$Service.newInstance(Provider.java:1592) [java] at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) [java] at sun.security.jca.GetInstance.getInstance(GetInstance.java:164) [java] at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) [java] at net.jini.jeri.ssl.Utilities.getServerSSLContextInfo(Utilities.java:712) [java] at net.jini.jeri.ssl.Utilities.getSupportedCipherSuites(Utilities.java:284) [java] at net.jini.jeri.ssl.SslEndpointImpl.getConnectionContexts(SslEndpointImpl.java:750) [java] at net.jini.jeri.ssl.SslEndpointImpl.getCallContext(SslEndpointImpl.java:326) [java] at net.jini.jeri.ssl.SslEndpointImpl.newRequest(SslEndpointImpl.java:185) [java] at net.jini.jeri.ssl.SslEndpoint.newRequest(SslEndpoint.java:550) [java] at net.jini.jeri.BasicObjectEndpoint.newCall(BasicObjectEndpoint.java:421) [java] at net.jini.jeri.BasicInvocationHandler.invokeRemoteMethod(BasicInvocationHandler.java:688) [java] at net.jini.jeri.BasicInvocationHandler.invoke(BasicInvocationHandler.java:571) 
     [java]     at com.sun.proxy.$Proxy2.registerGroup(Unknown Source)
[java] at org.apache.river.start.SharedActivationGroupDescriptor.create(SharedActivationGroupDescriptor.java:370) [java] at org.apache.river.qa.harness.SharedGroupAdmin.start(SharedGroupAdmin.java:204) [java] at org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639) [java] at org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660) [java] at org.apache.river.qa.harness.ActivatableServiceStarterAdmin.getServiceSharedLogDir(ActivatableServiceStarterAdmin.java:388) [java] at org.apache.river.qa.harness.ActivatableServiceStarterAdmin.start(ActivatableServiceStarterAdmin.java:224) [java] at org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:639) [java] at org.apache.river.qa.harness.AdminManager.startService(AdminManager.java:660) [java] at org.apache.river.qa.harness.AdminManager.startLookupService(AdminManager.java:679) [java] at org.apache.river.test.spec.lookupservice.QATestRegistrar.construct(QATestRegistrar.java:458) [java] at org.apache.river.test.spec.lookupservice.test_set00.EvntLeaseExpiration.construct(EvntLeaseExpiration.java:88) [java] at org.apache.river.qa.harness.MasterTest.doTest(MasterTest.java:228) [java] at org.apache.river.qa.harness.MasterTest.access$000(MasterTest.java:48) [java] at org.apache.river.qa.harness.MasterTest$1.run(MasterTest.java:174) [java] at java.security.AccessController.doPrivileged(Native Method) [java] at javax.security.auth.Subject.doAsPrivileged(Subject.java:483) [java] at org.apache.river.qa.harness.MasterTest.doTestWithLogin(MasterTest.java:171) [java] at org.apache.river.qa.harness.MasterTest.main(MasterTest.java:150) [java] Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism [java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:93) 
     [java]     ... 44 more
[java] Caused by: java.lang.SecurityException: Cannot locate policy or framework files! [java] at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:316) [java] at javax.crypto.JceSecurity.access$000(JceSecurity.java:50) 
     [java]     at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
[java] at java.security.AccessController.doPrivileged(Native Method) [java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)

Reply via email to