Mailing-List: contact issues-help@commons.apache.org; run by ezmlm
Precedence: bulk
Reply-To: issues@commons.apache.org
Date: Fri, 2 Sep 2011 00:18:10 +0000 (UTC)
From: "Gary D. Gregory (JIRA)" <jira@apache.org>
To: issues@commons.apache.org
Message-ID: 
 <1033208254.8912.1314922690101.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: 
 <331442065.705.1314009689520.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Commented] (LANG-744) StringUtils throws
 java.security.AccessControlException on Google App Engine
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


    [ https://issues.apache.org/jira/browse/LANG-744?page=3Dcom.atlassian.j=
ira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D130956=
89#comment-13095689 ]=20

Gary D. Gregory commented on LANG-744:
--------------------------------------

Well, I've ruminated, pondered and experimented.

Running all unit tests with a security managers results in:

Tests run: 2046, Failures: 2, Errors: 115, Skipped: 0

Clearly, we need a good overall solution to avoid 117 new Jiras (an exagger=
ation I know.)

I've created a JAAS policy file to grant just enough permissions to run the=
 unit tests in {{src/test/resource/java.policy}}

The file contains instructions for using it with JAAS.

What this shows is that we should either:

# Run all unit tests a second time with JAAS enabled, or
# Run all unit tests with JAAS enabled, always

We should our solution as a pattern for other Commons component.

Specifically for StringUtils, should we have a SunStringUtils? This would l=
et you know that you are depending on com.sun code.

> StringUtils throws java.security.AccessControlException on Google App Eng=
ine
> -------------------------------------------------------------------------=
---
>
>                 Key: LANG-744
>                 URL: https://issues.apache.org/jira/browse/LANG-744
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.0.1
>         Environment: Google App Engine
>            Reporter: Cl=C3=A9ment Denis
>             Fix For: 3.0.2
>
>
> In the static initializer of org.apache.commons.lang3.StringUtils, there =
is an attempt to load the class sun.text.Normalizer.
> Such a class is prohibited on Google App Engine, and the static intialize=
r throws a java.security.AccessControlException.
> {code}
> Caused by: java.security.AccessControlException: access denied (java.lang=
.RuntimePermission accessClassInPackage.sun.text)
> =09at java.security.AccessControlContext.checkPermission(AccessControlCon=
text.java:374)
> =09at java.security.AccessController.checkPermission(AccessController.jav=
a:546)
> =09at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> =09at com.google.appengine.tools.development.DevAppServerFactory$CustomSe=
curityManager.checkPermission(DevAppServerFactory.java:166)
> =09at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1=
512)
> =09at java.lang.Class.checkMemberAccess(Class.java:2164)
> =09at java.lang.Class.getMethod(Class.java:1602)
> =09at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:739)
> {code}
> The exception should be caught in the catch clauses around loadClass("sun=
.text.Normalizer").
> Commons lang 2 worked fine on GAE.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira