Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6258510

PropertyEditorManager.findEditor() fails if SecurityManager installed

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 5.0
    • Fix Version/s: 7
    • Component/s: client-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b07
    • CPU:
      x86
    • OS:
      linux, windows_xp
    • Verification:
      Verified

      Description

      FULL PRODUCT VERSION :
      java version "1.5.0_02"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09)
      Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode)


      ADDITIONAL OS VERSION INFORMATION :
      Windows XP


      A DESCRIPTION OF THE PROBLEM :
      When the default "sandbox" SecurityManager is installed (example: WebStart apps w/o all-permissions tag), the PropertyEditoryManager is unable to access/instantiate the sun.beans.editors.fooEditor classes.

      The inability to alter the editor search path or call registerEditor() (because the code does not have checkPropertiesAccess() permission also prevents the developer from shipping replacement PropertyEditor's.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Run test case with and without an installed SecurityManager

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      java BugDemo:
        sun.beans.editors.StringEditor

      java -Djava.security.manager WSBugDemo
        sun.beans.editors.StringEditor

      ACTUAL -
      java BugDemo:
        sun.beans.editors.StringEditor

      java -Djava.security.manager BugDemo
        failure

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      public class BugDemo {
      public static void main(String[] args) {
      PropertyEditor pe = PropertyEditorManager.findEditor(String.class);
      if (pe == null) {
      System.out.println("failure");
      } else {
      System.out.println(pe.getClass().getName());
      }
      }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      The default security policy file can be altered. This requires the user to dig in the internals of the VM installation.

      The application can be shipped with the Java WebStart <all-permissions> tag, however, for security-conscious users, this may be unacceptable.

      The implementation of PropertyEditorManager can be altered to wrap the instantiation of the sun.beans.editors.fooEditor in a PrivledgedAction, but it is against the Java license to ship an altered core class.
      ###@###.### 2005-04-20 17:21:21 GMT

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              malenkov Sergey Malenkov (Inactive)
              Reporter:
              gmanwanisunw Girish Manwani (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: