Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6945321

trusted-library manifest attribute cant load unsigned code without warning.

    Details

    • Subcomponent:
    • Introduced In Version:
    • CPU:
      x86
    • OS:
      generic

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_20"
      Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
      Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7600]

      A DESCRIPTION OF THE PROBLEM :
      I was told that when using the trusted-library=true option in the manifest for our main class that it would be possible to use none signed jars from extensions by using Class.forName with the context classloader, I tried this by using this code:

      ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                                  Debug.error("plugin class:" + clazzName.trim() + " is trying to be loaded through the context classloader: " + contextClassLoader +
                                      " in the thread: " + Thread.currentThread().getName() + " trusted classloader is: " + getClass().getClassLoader());
                                  loadClientPlugin(Class.forName(clazzName.trim(), true, contextClassLoader));

      But that still shows up the mixed code dialog:

      thread: pool-1-thread-1 trusted classloader is: com.sun.jnlp.JNLPClassLoader@188d92e
      ERROR - Debug - Error occured loading client plugin class com.servoy.extensions.plugins.scheduler.SchedulerPlugin, error: java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://localhost:8080/plugins/scheduler.jar
      ERROR - Debug - Throwable
      java.lang.SecurityException: trusted loader attempted to load sandboxed resource from http://localhost:8080/plugins/scheduler.jar
          at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
          at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
          at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
          at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
          at java.net.URLClassLoader$1.run(Unknown Source)
          at java.security.AccessController.doPrivileged(Native Method)
          at java.net.URLClassLoader.findClass(Unknown Source)
          at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
          at java.lang.ClassLoader.loadClass(Unknown Source)
          at java.lang.ClassLoader.loadClass(Unknown Source)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Unknown Source)
          at com.servoy.j2db.plugins.PluginManager.loadClientPlugins(Unknown Source)

      i got the source of the u20 build and i think that it is this code that is run: (from class CPCallbackHandler$ParentCallback.)

      private synchronized void check(URL url, boolean trusted) {
              boolean maybeTrustedChild = trustedChild;
              boolean maybeUntrustedChild = untrustedChild;
              if (!trusted && trustedOnly) {
              throw new SecurityException("Trusted-Only loader attempted to load sandboxed resource from " + url);
              }
              if (trusted) {
              maybeTrustedChild = true;
              } else {
              maybeUntrustedChild = true;
              }
                  if (maybeTrustedChild && maybeUntrustedChild) {
              String msg = checkAllowed(url, maybeTrustedChild && trustedChild);
              if (msg != null) {
                  throw new SecurityException(msg);
              }

      so for me this is true:
      if (maybeTrustedChild && maybeUntrustedChild)

      then it goes into checkAllowed:

       private String checkAllowed(URL url, boolean wasTrusted) {
              if (checkMixedTrust) {
                  int result = showMixedTrustDialog();
                  if (result == UIFactory.CANCEL) {
                      allowMixedTrust = true;
                  }
                  checkMixedTrust = false;
              }
              if (!allowMixedTrust) {
              if (wasTrusted) {
                      return "trusted loader attempted to load sandboxed resource from " + url;
              } else {
                      return "sandboxed loader attempted to load trusted resource from " + url;
              }
              }
              return null;
              }
          }

      with wasTrusted == true

      and then checkMixedTrust is true because i have the default config setting:

      private ParentCallback() {
                  if (Config.getMixcodeValue() == Config.MIXCODE_ENABLE) {
                  checkMixedTrust = true;
              }

      So if it comes into checkAllowed() then it will always show me the dialog when i have default setting.

      So or i dont have to get into that checkAllowed method but then the 2 booleans shouldnt somehow be true in my case
      or checkAllowed shouldnt know that it is a trusted-lib that calls a untrusted class through its own classloader and that should be allowed...

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      a signed jar with trusted-library manifest entry should be able to load unsigned content when it chooses to do it through Class.forName and a special classloader
      ACTUAL -
      Still the dialog is shown.

      REPRODUCIBILITY :
      This bug can be reproduced always.

      SUPPORT :
      YES

      Release Regression From : 6u18
      The above release value was the last known release where this
      bug was not reproducible. Since then there has been a regression.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                herrick Andy Herrick
                Reporter:
                ndcosta Nelson Dcosta
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: