ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34229] - Need ability to intercept calls to System.setSecurityManager() from embedded environment
Date Fri, 01 Apr 2005 20:17:35 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34229>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34229





------- Additional Comments From jglick@netbeans.org  2005-04-01 22:17 -------
Not sure yet. Maybe in Permissions:

public class Permissions {
    // ...
    /**
     * For containers which wish to intercept
     * {@link System.setSecurityManager} safely.
     */
    public interface SecurityManagerDelegator {
        void registerSecurityManager(SecurityManager);
        void unregisterSecurityManager();
    }
    public static void installSecurityManagerDelegator(SecurityManagerDelegator)
{...}
}

If P.iSMD were not called, Ant would do what it does now. If it were called,
Permissions.{set,restore}SecurityManager would delegate to the new interface.
This would - I hope - permit a container to manage Ant's SM implementation
intelligently, say by having the real global SM delegate to Ant's SM according
to the current thread group. But I would need to try writing a real P.SMD
implementation, say for NetBeans, to confirm that it can really work.

Note that the current code in Ant is not actually correct to begin with. You
might expect that the following script:

<?xml version="1.0"?>
<project name="34229-demo" default="x">
    <target name="x">
        <echo file="Pause.java">
public class Pause {
    public static void main(String[] args) throws Exception {
        int status = Integer.parseInt(args[0]);
        System.out.println("Will pause... (status: " + status + ")");
        Thread.sleep(2000);
        System.out.println("Done. (status: " + status + ")");
        System.exit(status);
    }
}
        </echo>
        <javac srcdir="." destdir="." includes="Pause.java"/>
        <parallel>
            <sequential>
                <java fork="false" classpath="." failonerror="true"
classname="Pause">
                    <arg value="0"/>
                </java>
            </sequential>
            <sequential>
                <sleep milliseconds="1000"/>
                <java fork="false" classpath="." failonerror="true"
classname="Pause">
                    <arg value="1"/>
                </java>
            </sequential>
        </parallel>
        <echo>OK??</echo>
    </target>
</project>

would when run from the command line (Ant 1.6.2) print

Will pause... (status: 0)
Will pause... (status: 1)
Done. (status: 0)
Done. (status: 1)
BUILD FAILED
/tmp/build.xml:24: Java returned: 1

since the second process finishes second and with a nonzero error code which
should throw a BuildException.

Instead, it prints only

Will pause... (status: 0)
Will pause... (status: 1)
Done. (status: 0)
Done. (status: 1)

and then exits *Ant's* VM abruptly (with code 1). That is because the sequence
of events is

- System.sSM(MySM) for process #0 before it starts
- System.sSM(MySM) for process #1 (overwriting #0's!) before it starts
- System.exit(0) from #0, which is trapped and causes <java> to finish
- System.sSM(null) (as stored by Permissions #0) after #0 finishes
- System.exit(1) from #1, which is not trapped since there is no SM

A contrived case, perhaps, but it shows that the logic in Permissions is wrong
already - it should be installing a multiplexing SM itself, and perhaps checking
the Thread of the caller.

Switching to forked mode as an option of last resort might be an option; perhaps
it would be a reasonable hot fix for Ant 1.6.3 until we can do better. I guess
ExecuteJava would need to catch SecurityException from Permissions.sSM and
switch to calling Java.fork(...) or something like that, and a similar fix for
JUnitTestRunner. The main problem is that running the app forked is not
completely transparent to the user; besides a performance hit, there might be
some specific behavior which the user needs unforked mode for, and it might be
confusing to magically switch to forked mode in some environments.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message