Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 9
-
Fix Version/s: 9
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b66
-
Verification:Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084939 | emb-9 | Artem Smotrakov | P3 | Resolved | Fixed | team |
JDK-8239147 | openjdk8u252 | Artem Smotrakov | P3 | Resolved | Fixed | b03 |
Description
If security manager is enabled, but "org.jcp.xml.dsig.secureValidation" property is off, the impl tries to read the following system properties:
com.sun.org.apache.xml.internal.security.test.warn.on.exceptions
com.sun.org.apache.xml.internal.security.test.throw.exceptions
, and if appropriate property permissions are not granted, it fails with ExceptionInInitializerError
java.lang.ExceptionInInitializerError
at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.convertToNodes(XMLSignatureInput.java:568)
...
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "com.sun.org.apache.xml.internal.security.test.warn.on.exceptions" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:468)
at java.security.AccessController.checkPermission(AccessController.java:894)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:541)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:744)
at com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler.<clinit>(IgnoreAllErrorHandler.java:43)
... 19 more
Please see http://hg.openjdk.java.net/jdk9/dev/jdk/file/97a1facbcaaa/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
...
/** Field throwExceptions */
private static final boolean warnOnExceptions =
System.getProperty("com.sun.org.apache.xml.internal.security.test.warn.on.exceptions", "false").equals("true");
/** Field throwExceptions */
private static final boolean throwExceptions =
System.getProperty("com.sun.org.apache.xml.internal.security.test.throw.exceptions", "false").equals("true");
...
I think it is not really necessary to check access for these properties. IgnoreAllErrorHandler should read them inside doPrivileged() method.
com.sun.org.apache.xml.internal.security.test.warn.on.exceptions
com.sun.org.apache.xml.internal.security.test.throw.exceptions
, and if appropriate property permissions are not granted, it fails with ExceptionInInitializerError
java.lang.ExceptionInInitializerError
at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.convertToNodes(XMLSignatureInput.java:568)
...
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "com.sun.org.apache.xml.internal.security.test.warn.on.exceptions" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:468)
at java.security.AccessController.checkPermission(AccessController.java:894)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:541)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:744)
at com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler.<clinit>(IgnoreAllErrorHandler.java:43)
... 19 more
Please see http://hg.openjdk.java.net/jdk9/dev/jdk/file/97a1facbcaaa/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java
...
/** Field throwExceptions */
private static final boolean warnOnExceptions =
System.getProperty("com.sun.org.apache.xml.internal.security.test.warn.on.exceptions", "false").equals("true");
/** Field throwExceptions */
private static final boolean throwExceptions =
System.getProperty("com.sun.org.apache.xml.internal.security.test.throw.exceptions", "false").equals("true");
...
I think it is not really necessary to check access for these properties. IgnoreAllErrorHandler should read them inside doPrivileged() method.
Attachments
Issue Links
- backported by
-
JDK-8084939 IgnoreAllErrorHandler should use doPrivileged when it reads system properties
-
- Resolved
-
-
JDK-8239147 IgnoreAllErrorHandler should use doPrivileged when it reads system properties
-
- Resolved
-
- relates to
-
JDK-8137174 NTLM impl should use doPrivileged when it reads system properties
-
- Closed
-