JDK-4999599

Enum.valueOf() or ObjectInputStream.readObject() should use doPrivileged

    Details

    • Subcomponent:
    • Resolved In Build:
      b46
    • CPU:
      generic, x86, sparc
    • OS:
      generic, linux, solaris_8, solaris_10

      Description

      Date: Wed, 18 Feb 2004 17:30:57 -0800
      From: <###@###.###>
      Subject: about the Enum changes
      Sender: ###@###.###

      Hi,

      One of the security regression tests failed with AccessControlException due to the following fixes:

      4945532: bring enum implementation up-to-date with its specenum 4948640: deserialization should use Enum.valueOf(Class, String)

      Here is the stacktrace:
      java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
              at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
              at java.security.AccessController.checkPermission(AccessController.java:425)
              at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
              at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
              at java.lang.Class.getEnumConstants(Class.java:2405)
              at java.lang.Enum.valueOf(Enum.java:182)
              at java.io.ObjectInputStream.readEnum(ObjectInputStream.java:1660)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1293)
              at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1909)
              at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1833)
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1710)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1296)
              at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1909)
              at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1833)
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1710)
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1296)
              at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339)
              at Serial.main(Serial.java:38)

      None of the public methods in the stacktrace, i.e. Class.getEnumConstants(), Enum.valueOf(), and ObjectInputStream.readObject(), document the AccessControlException.

      It seems either Enum.valueOf() or ObjectInputStream.readObject()
      should use a doPrivileged block to handle this so the caller apps
      are not required to manually change their security policy when
      migrating to 1.5.

      I will probably file a bug on this within the next two or three days.
      Please comment if such behavior is intentional.
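
The doPrivileged pattern the report asks for, as an added Java sketch that is not the JDK's code or its actual fix. The class `EnumLookup` and the enum `Color` are hypothetical, and the sketch assumes the lookup reaches the enum's compiler-generated `values()` method reflectively.

```java
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper, not JDK source. AccessController is deprecated in
// recent JDKs; it is used here because the report concerns the 1.5 model.
public final class EnumLookup {
    private enum Color { RED, GREEN }   // constructed sample: a non-public enum

    @SuppressWarnings("unchecked")
    public static <T extends Enum<T>> T valueOf(Class<T> enumType, String name) {
        // Validate before elevating, so the privileged block can only ever
        // touch the compiler-generated values() method of a real enum class.
        if (name == null || !enumType.isEnum())
            throw new IllegalArgumentException("not an enum lookup: " + enumType);
        try {
            final Method values = enumType.getMethod("values");
            // Only the permission-checked call runs privileged. It succeeds if
            // this class's own protection domain holds
            // ReflectPermission("suppressAccessChecks"), whatever the caller has.
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    values.setAccessible(true);
                    return null;
                }
            });
            // The accessible Method never leaves this method, so callers gain
            // no reflective capability from the elevation.
            for (T constant : (T[]) values.invoke(null)) {
                if (constant.name().equals(name)) return constant;
            }
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(e);
        }
        throw new IllegalArgumentException("no constant " + enumType.getName() + "." + name);
    }

    public static void main(String[] args) {
        System.out.println(valueOf(Color.class, "GREEN"));
    }
}
```

The privileged block covers a single call on an object the helper created itself, which keeps the elevation from being steered by caller-supplied input.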

              People

              Assignee:
              gafter Neal Gafter
              Reporter:
              gafter Neal Gafter