commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clément Denis (JIRA) <j...@apache.org>
Subject [jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
Date Thu, 25 Aug 2011 15:13:29 GMT

    [ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13091062#comment-13091062
] 

Clément Denis commented on LANG-744:
------------------------------------

I don't agree with that.
The security manager cannot be changed in GAE, or in any other managed environment with strong
security policiy.

The use of a sun.* class is basically a hack, so I don't see why it should prevent me from
using StringUtils in GAE.
>From a user point of view, it's a huge regression (I think I'm right when I say that StringUtils
is one of the most widely used class in commons-lang).

It would be acceptable if the method stripAccents raised a RuntimeError if no Normalizer could
be found.
But this bug prevents the use of the whole class.


> StringUtils throws java.security.AccessControlException on Google App Engine
> ----------------------------------------------------------------------------
>
>                 Key: LANG-744
>                 URL: https://issues.apache.org/jira/browse/LANG-744
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.0.1
>         Environment: Google App Engine
>            Reporter: Clément Denis
>             Fix For: 3.0.2
>
>
> In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt
to load the class sun.text.Normalizer.
> Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException.
> {code}
> Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.sun.text)
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
> 	at java.security.AccessController.checkPermission(AccessController.java:546)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 	at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
> 	at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
> 	at java.lang.Class.checkMemberAccess(Class.java:2164)
> 	at java.lang.Class.getMethod(Class.java:1602)
> 	at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:739)
> {code}
> The exception should be caught in the catch clauses around loadClass("sun.text.Normalizer").
> Commons lang 2 worked fine on GAE.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message