Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8079618

AccessControlException with deployment cache and RMI

    Details

    • Subcomponent:
    • Introduced In Version:
    • Resolved In Build:
      b76
    • CPU:
      x86_64
    • OS:
      windows_7

      Backports

        Description

        FULL PRODUCT VERSION :
        Java Plug-in 11.31.2.13
        Using JRE version 1.8.0_31-b13 Java HotSpot(TM) Client VM

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7601]

        A DESCRIPTION OF THE PROBLEM :
        The problem occurs with RMI Calls within an applet that uses RMI codebase. The RMI downloaded code runs in the sandbox: The host where the RMI server runs is the same as the host of the codebase. In this scenario the AccessControlException (see below) occurs when the deployment cache is already populated. After clearing the cache everythings works fine for one browser session. With previous Java Version (e. g. 1.8.0_25) this problem doesn't appear.

        CacheEntry[http://192.168.35.165:44066/jar/device/msr/jpos/chyjpos/chyjpos-service-dl.jar]: updateAvailable=false,lastModified=Thu Jan 01 01:00:00 CET 1970,length=288352
        CacheEntry[http://192.168.35.165:44066/jar/device/cdm/cashpro/kbacashpro4-service-dl.jar]: updateAvailable=false,lastModified=Thu Jan 01 01:00:00 CET 1970,length=463931
        java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Users\dea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3c5d5a3b-6d8e48ab" "read")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkRead(Unknown Source)
        at java.util.zip.ZipFile.<init>(Unknown Source)
        at java.util.zip.ZipFile.<init>(Unknown Source)
        at java.util.jar.JarFile.<init>(Unknown Source)
        at java.util.jar.JarFile.<init>(Unknown Source)
        at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source)
        at com.sun.deploy.cache.CacheEntry.getJarSigningData(Unknown Source)
        at com.sun.deploy.cache.CachedJarFile.getSigningData(Unknown Source)
        at com.sun.deploy.cache.CachedJarFile$JarFileEntry.getCodeSigners(Unknown Source)
        at sun.misc.URLClassPath$JarLoader$2.getCodeSigners(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.rmi.server.LoaderHandler$Loader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClassForName(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
        at java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
        at com.sun.deploy.util.DeployRMIClassLoaderSpi.loadClass(Unknown Source)
        at java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
        at sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
        at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
        at java.io.ObjectInputStream.readClassDesc(Unknown Source)
        at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
        at java.io.ObjectInputStream.readObject0(Unknown Source)
        at java.io.ObjectInputStream.readObject(Unknown Source)
        at java.rmi.MarshalledObject.get(Unknown Source)
        at com.sun.jini.reggie.Item.get(Item.java:122)
        at com.sun.jini.reggie.Item.toServiceItem(Item.java:158)
        at com.sun.jini.reggie.Matches.get(Matches.java:73)
        at com.sun.jini.reggie.RegistrarProxy.lookup(RegistrarProxy.java:102)
        at net.jini.lookup.ServiceDiscoveryManager.lookup(Unknown Source)
        at com.rubean.drubeans.app.device.discovery.impl.DeviceDiscovererImpl$InitialLookupTask.run(Unknown Source)
        at com.sun.jini.thread.TaskManager$TaskThread.run(Unknown Source)


        REGRESSION. Last worked in version 8u25

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Perform Jini Service Discovery with Services offering service objects via RMI downloadable code.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Service Proxy Object is loaded correctly.
        ACTUAL -
        AccessControlException during class loading.

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        CacheEntry[http://192.168.35.165:44066/jar/device/msr/jpos/chyjpos/chyjpos-service-dl.jar]: updateAvailable=false,lastModified=Thu Jan 01 01:00:00 CET 1970,length=288352
        CacheEntry[http://192.168.35.165:44066/jar/device/cdm/cashpro/kbacashpro4-service-dl.jar]: updateAvailable=false,lastModified=Thu Jan 01 01:00:00 CET 1970,length=463931
        java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Users\dea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3c5d5a3b-6d8e48ab" "read")
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkRead(Unknown Source)
        at java.util.zip.ZipFile.<init>(Unknown Source)
        at java.util.zip.ZipFile.<init>(Unknown Source)
        at java.util.jar.JarFile.<init>(Unknown Source)
        at java.util.jar.JarFile.<init>(Unknown Source)
        at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source)
        at com.sun.deploy.cache.CacheEntry.getJarSigningData(Unknown Source)
        at com.sun.deploy.cache.CachedJarFile.getSigningData(Unknown Source)
        at com.sun.deploy.cache.CachedJarFile$JarFileEntry.getCodeSigners(Unknown Source)
        at sun.misc.URLClassPath$JarLoader$2.getCodeSigners(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.rmi.server.LoaderHandler$Loader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClassForName(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
        at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)
        at java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)
        at com.sun.deploy.util.DeployRMIClassLoaderSpi.loadClass(Unknown Source)
        at java.rmi.server.RMIClassLoader.loadClass(Unknown Source)
        at sun.rmi.server.MarshalInputStream.resolveClass(Unknown Source)
        at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
        at java.io.ObjectInputStream.readClassDesc(Unknown Source)
        at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
        at java.io.ObjectInputStream.readObject0(Unknown Source)
        at java.io.ObjectInputStream.readObject(Unknown Source)
        at java.rmi.MarshalledObject.get(Unknown Source)
        at com.sun.jini.reggie.Item.get(Item.java:122)
        at com.sun.jini.reggie.Item.toServiceItem(Item.java:158)
        at com.sun.jini.reggie.Matches.get(Matches.java:73)
        at com.sun.jini.reggie.RegistrarProxy.lookup(RegistrarProxy.java:102)
        at net.jini.lookup.ServiceDiscoveryManager.lookup(Unknown Source)
        at com.rubean.drubeans.app.device.discovery.impl.DeviceDiscovererImpl$InitialLookupTask.run(Unknown Source)
        at com.sun.jini.thread.TaskManager$TaskThread.run(Unknown Source)


        REPRODUCIBILITY :
        This bug can be reproduced always.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dcherepanov Dmitry Cherepanov
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: