commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary D. Gregory (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine
Date Thu, 25 Aug 2011 14:43:29 GMT

    [ https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13091043#comment-13091043
] 

Gary D. Gregory commented on LANG-744:
--------------------------------------

This is not a bug but the way Java Security Manager is designed to work. 

The patch should be reverted IMO because the exception is correct. 

This does not only happen with GAE, it happens anytime when running under Java's security
manager ({{-Djava.security.manager}})

I do not think we should swallow the exception. In my case, I need to give proper rights to
the code.

In my test at work with the security manager enabled I see: 

{{java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.text)}}

Which means I need to add the following to my .policy file:

{noformat}
grant {
  // ...  
  // Apache Commons Lang3
  permission java.lang.RuntimePermission "accessClassInPackage.sun.text";
  // ...
};
{noformat}



> StringUtils throws java.security.AccessControlException on Google App Engine
> ----------------------------------------------------------------------------
>
>                 Key: LANG-744
>                 URL: https://issues.apache.org/jira/browse/LANG-744
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.0.1
>         Environment: Google App Engine
>            Reporter: Clément Denis
>             Fix For: 3.0.2
>
>
> In the static initializer of org.apache.commons.lang3.StringUtils, there is an attempt
to load the class sun.text.Normalizer.
> Such a class is prohibited on Google App Engine, and the static intializer throws a java.security.AccessControlException.
> {code}
> Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.sun.text)
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
> 	at java.security.AccessController.checkPermission(AccessController.java:546)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 	at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
> 	at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
> 	at java.lang.Class.checkMemberAccess(Class.java:2164)
> 	at java.lang.Class.getMethod(Class.java:1602)
> 	at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:739)
> {code}
> The exception should be caught in the catch clauses around loadClass("sun.text.Normalizer").
> Commons lang 2 worked fine on GAE.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message