harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vasily Zakharov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HARMONY-2910) [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
Date Thu, 21 Jun 2007 15:42:26 GMT

    [ https://issues.apache.org/jira/browse/HARMONY-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12506938

Vasily Zakharov commented on HARMONY-2910:

In fact, System.getProperty() is not a problem. The problem is the in cyclic dependency SecurityManager.checkRead()
- PolicyUtils.normalizeURL() - File.toURI() - File.getAbsoluteName() - File.isDirectory()
- SecurityManager.checkRead(). So, we just need to convert File to URI without accessing the
file system. I tried to use the respective code from java.io.File with isDirectory() checks
removed, and it helped.

Here I attach the updated Stepan's patch (Harmony-2910-fix.patch, Harmony-2910-PolicyTest.patch)
with this correction.

With this patch cyclic dependency is resolved, the test for this issue and for HARMONY-3939
both work fine on both DRL VM and IBM VM.
org.apache.harmony.logging.tests.java.util.logging.LogManagerTest and org.apache.harmony.rmi.RegistryTest
tests do not crash.
tests.api.java.security.PermissionCollectionTest.test_impliesLjava_security_Permission() test

As of PolicyEntryTest.testImpliesCodeSource(), it still fails on both RI and Harmony. It seems
the test is incorrect, so I fixed the test and improved its functionality a bt.

Does it mean that PolicyUtils.normalizeURL() works incorrectly, or PolicyEntry.impliesCodeSource()
logic is not right (for example, why codeSource is normalized while cs is not?), or the two
asserions above should be changed to assertFalse() ?

> [classlib][security] Harmony cannot identify 'codeBase' feature in policy file
> ------------------------------------------------------------------------------
>                 Key: HARMONY-2910
>                 URL: https://issues.apache.org/jira/browse/HARMONY-2910
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: Ruth Cao
>            Assignee: Stepan Mishura
>         Attachments: Harmony-2910-2.zip, Harmony-2910.diff, Harmony-2910.diff, Harmony-2910.diff,
> create a simple policy file and then run PolicyTest  with the argument and the policy
file[1] as following on Windows XP:
> -Dtest.bin.dir=c:\api\ -Djava.security.policy=<policy file path>
> public class PolicyTest {	
> 	public static void main(String[] args) throws Exception {
> 		Policy p = Policy.getPolicy();
> 		ProtectionDomain pd = new ProtectionDomain(new CodeSource(new URL(
> 				"file:/c:/api/*"), (java.security.cert.Certificate[]) null), null);
> 		PermissionCollection pCollection = p.getPermissions(pd);
> 		Enumeration<Permission> elements = pCollection.elements();
> 		while (elements.hasMoreElements()) {
> 			if(elements.nextElement().equals(new AllPermission())){
> 				System.out.println("contains AllPermission");
> 			}
> 		}
> 	}
> }
> RI prints:
> contains AllPermission
> while Harmony prints nothing.
> [1]
> grant codeBase "file:${test.bin.dir}/-" {
>    permission java.security.AllPermission; 
> }; 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message