harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Markov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-2910) [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
Date Wed, 20 Jun 2007 19:57:27 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506652
] 

Mikhail Markov commented on HARMONY-2910:
-----------------------------------------

(not concerning DRLVM/J9 behaviour differences which is another story :-))

I've investigated Stepan's simplification of normalizeURL and think that it is not correct
as it calls File.toURI() method which checks permissions leading to StackOverflowError (which
is ok - no problem in security code: when checking permission with policy file we should not
use any permissions-sensitive calls). The last patch from Ruth does not use such sensitive
calls.

So, i suggest to use Ruth's implementation of normalizeURL() but move it to PolicyUtils as
Stepan suggested. Does it make sense?

> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>
>                 Key: HARMONY-2910
>                 URL: https://issues.apache.org/jira/browse/HARMONY-2910
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Ruth Cao
>            Assignee: Stepan Mishura
>         Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff,
regressionTest2910.txt
>
>
> create a simple policy file and then run PolicyTest  with the argument and the policy
file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {	
> 	public static void main(String[] args) throws Exception {
> 		Policy p = Policy.getPolicy();
> 		ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> 				"file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> 		PermissionCollection pCollection = p.getPermissions(pd);
> 		Enumeration<Permission> elements = pCollection.elements();
> 		while (elements.hasMoreElements()) {
> 			if(elements.nextElement().equals(new AllPermission())){
> 				System.out.println("contains AllPermission");
> 			}
> 		}
> 	}
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
>    permission java.security.AllPermission; 
> }; 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message