Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6967414

Loading class randomly throws java.lang.SecurityException.

    Details

    • Subcomponent:
    • Introduced In Version:
    • Resolved In Build:
      b18
    • CPU:
      x86
    • OS:
      windows_xp

      Backports

        Description

        FULL PRODUCT VERSION :
        C:\>java -version
        java version "1.6.0_20"
        Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
        Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7600]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        Tested enviroments: Java Webstart 1.6.0_17, 1.6.0_18, 1.6.0_20
        Affected enviroment: 1.6.0_20


        A DESCRIPTION OF THE PROBLEM :
        Loading class randomly throws java.lang.SecurityException. Maybe due to static block? they are importing in classloading. When I say randomly I mean 1/30 start fail. All jars and classes are signed and verified! Default java security settings. No special entries in manifest. In JNLP is <security><all-permissions/></security>

        *** CASE 1 ****
        There are two diferent exceptions on the same code. (some concurrent access ?)

        Exception 1 stack:
              java.lang.SecurityException: class "cz.oksystem.rcp.print.i18n.MessageCodesStyleSimpleField" does not match trust level of other classes in the same package
              at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
              at java.net.URLClassLoader$1.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at java.net.URLClassLoader.findClass(Unknown Source)
              at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at cz.oksystem.centrum.core.rcp.isds.panel.login.ActionDs.getName(ActionDs.java:29)
              at org.openide.util.actions.SystemAction.getValue(SystemAction.java:179)
              at org.openide.awt.Actions$MenuBridge.updateState(Actions.java:977)
              at org.openide.awt.Actions.connect(Actions.java:198)
              at org.openide.awt.Actions.connect(Actions.java:165)
              at org.openide.awt.Actions$MenuItem.<init>(Actions.java:1287)
              at org.netbeans.modules.openide.awt.DefaultAWTBridge.createMenuPresenter(DefaultAWTBridge.java:67)
              at org.openide.util.actions.CallableSystemAction.getMenuPresenter(CallableSystemAction.java:79)
              at org.openide.awt.DynaMenuModel.loadSubmenu(DynaMenuModel.java:92)
              at org.openide.awt.MenuBar$LazyMenu$MenuFolder.createInstance(MenuBar.java:683)
              at org.openide.loaders.FolderInstance.defaultProcessObjects(FolderInstance.java:767)
              at org.openide.loaders.FolderInstance.access$000(FolderInstance.java:99)
              at org.openide.loaders.FolderInstance$2.run(FolderInstance.java:655)
              at org.openide.util.Task.run(Task.java:249)
              at org.openide.awt.AWTTask.run(AWTTask.java:57)
              at java.awt.event.InvocationEvent.dispatch(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at org.netbeans.core.TimableEventQueue.dispatchEvent(TimableEventQueue.java:104)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.Dialog$1.run(Unknown Source)
              at java.awt.event.InvocationEvent.dispatch(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at org.netbeans.core.TimableEventQueue.dispatchEvent(TimableEventQueue.java:104)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
                        at java.awt.EventDispatchThread.run(Unknown Source)

        Exception 2 stack:
        java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://okcentrum.mpsv.cz:443/centrum/netbeans/modules/ext/rcp-print-1.4.18-update3.jar
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
              at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
              at java.net.URLClassLoader$1.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at java.net.URLClassLoader.findClass(Unknown Source)
              at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at cz.oksystem.centrum.core.rcp.isds.panel.login.ActionDs.getName(ActionDs.java:29)
              at org.openide.util.actions.SystemAction.getValue(SystemAction.java:179)
              at org.openide.awt.Actions$MenuBridge.updateState(Actions.java:977)
              at org.openide.awt.Actions.connect(Actions.java:198)
              at org.openide.awt.Actions.connect(Actions.java:165)
              at org.openide.awt.Actions$MenuItem.<init>(Actions.java:1287)
              at org.netbeans.modules.openide.awt.DefaultAWTBridge.createMenuPresenter(DefaultAWTBridge.java:67)
              at org.openide.util.actions.CallableSystemAction.getMenuPresenter(CallableSystemAction.java:79)
              at org.openide.awt.DynaMenuModel.loadSubmenu(DynaMenuModel.java:92)
              at org.openide.awt.MenuBar$LazyMenu$MenuFolder.createInstance(MenuBar.java:683)
              at org.openide.loaders.FolderInstance.defaultProcessObjects(FolderInstance.java:767)
              at org.openide.loaders.FolderInstance.access$000(FolderInstance.java:99)
              at org.openide.loaders.FolderInstance$2.run(FolderInstance.java:655)
              at org.openide.util.Task.run(Task.java:249)
              at org.openide.awt.AWTTask.run(AWTTask.java:57)
              at java.awt.event.InvocationEvent.dispatch(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at org.netbeans.core.TimableEventQueue.dispatchEvent(TimableEventQueue.java:104)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.Dialog$1.run(Unknown Source)
              at java.awt.event.InvocationEvent.dispatch(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at org.netbeans.core.TimableEventQueue.dispatchEvent(TimableEventQueue.java:104)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.run(Unknown Source)

        Code snippets:
        --- class ActionDs is not from rcp-print-1.4.18-update3.jar ---
          @Override
          public String getName() {
            return DsMessageCodes.DATOVA_SCHRANKA_NAME.getMessage(); // line 29
          }
        ---
        --- class DsMessageCodes is not from rcp-print-1.4.18-update3.jar ---
          static {
            initMessageCodes(DsMessageCodes.class, null, null,
                MessageCodesStyleSimpleField.STYLE_NORMALIZED_FIELD_ONLY);
          }
        ---
        --- class MessageCodesStyleSimpleField is from rcp-print-1.4.18-update3.jar ---
          public static final MessageCodesStyleSimpleField STYLE_NORMALIZED_FIELD_ONLY = new MessageCodesStyleSimpleField();
        ---

        *** CASE 2 ***

        Exception stack:
        java.lang.SecurityException: class "cz.oksystem.centrum.vyprava.rcp.menu.VypravaMenu" does not match trust level of other classes in the same package
              at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
              at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
              at java.net.URLClassLoader$1.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at java.net.URLClassLoader.findClass(Unknown Source)
              at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at java.lang.ClassLoader.loadClass(Unknown Source)
              at cz.oksystem.centrum.kontrola.rcp.NabidkaKontrola.initMenu(NabidkaKontrola.java:71)
              at cz.oksystem.centrum.kontrola.rcp.NabidkaKontrola.<init>(NabidkaKontrola.java:58)
              at cz.oksystem.centrum.kontrola.rcp.Installer$1.actionPerformed(Installer.java:41)
              at cz.oksystem.centrum.core.rcp.start.StartPanelNabidka$1.actionPerformed(StartPanelNabidka.java:155)
              at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
              at org.jdesktop.swingx.JXHyperlink.fireActionPerformed(JXHyperlink.java:244)
              at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
              at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
              at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
              at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
              at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
              at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
              at java.awt.Component.processMouseEvent(Unknown Source)
              at javax.swing.JComponent.processMouseEvent(Unknown Source)
              at java.awt.Component.processEvent(Unknown Source)
              at java.awt.Container.processEvent(Unknown Source)
              at java.awt.Component.dispatchEventImpl(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
              at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
              at java.awt.Container.dispatchEventImpl(Unknown Source)
              at java.awt.Window.dispatchEventImpl(Unknown Source)
              at java.awt.Component.dispatchEvent(Unknown Source)
              at java.awt.EventQueue.dispatchEvent(Unknown Source)
              at org.netbeans.core.TimableEventQueue.dispatchEvent(TimableEventQueue.java:104)
              at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
              at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
              at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
                        at java.awt.EventDispatchThread.run(Unknown Source)

        Code snippets:
        --- class NabidkaKontrola ---
        VypravaMenu vypravaMenu = new VypravaMenu(AgendaEnum.RESENI_KONTROLNI_CINNOSTI); // line 71
        ---
        --- class VypravaMenu ---
        private static final MessageBundle MESSAGE_BUNDLE = MessageBundleFactory.getInstance().get(VypravaMenu.class);
        ---

        *** CASE 3 ***
        Exception stack:
        java.lang.SecurityException: trusted loader attempted to load sandboxed resource from https://okct/centrum/netbeans/modules/ext/spring-orm-3.0.0.RELEASE.jar
                       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
                       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1400(Unknown Source)
                       at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
                       at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
                       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
                       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
                       at java.net.URLClassLoader$1.run(Unknown Source)
                       at java.security.AccessController.doPrivileged(Native Method)
                       at java.net.URLClassLoader.findClass(Unknown Source)
                       at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
                       at java.lang.ClassLoader.loadClass(Unknown Source)
                       at java.lang.ClassLoader.loadClass(Unknown Source)
                       at cz.oksystem.centrum.core.rcp.util.ConcurrentUtils.handleConcurrentException(ConcurrentUtils.java:45)
                        ....


        --- class ConcurrentUtils ---
        } else if (StaleStateException.class.isAssignableFrom(exception.getClass()) ||
                       HibernateOptimisticLockingFailureException.class.isAssignableFrom(exception.getClass())) { // line 45
        ---
        HibernateOptimisticLockingFailureException is from spring-orm-3.0.0.RELEASE.jar and is descendent of org.springframework.core.NestedRuntimeException
        --- class NestedRuntimeException ---
        static {
          // Eagerly load the NestedExceptionUtils class to avoid classloader deadlock
          // issues on OSGi when calling getMessage(). Reported by Don Brown; SPR-5607.
          NestedExceptionUtils.class.getName();
        }
        ---



        REPRODUCIBILITY :
        This bug can be reproduced occasionally.

        CUSTOMER SUBMITTED WORKAROUND :
        Disable JRE 1.6.0_20

        Release Regression From : 6u18
        The above release value was the last known release where this
        bug was not reproducible. Since then there has been a regression.

        Release Regression From : 6u18
        The above release value was the last known release where this
        bug was not reproducible. Since then there has been a regression.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dgu Dennis Gu (Inactive)
                  Reporter:
                  igor Igor Nekrestyanov (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: