JDK-8035613 : With active Securitymanager JAXBContext.newInstance fails

Details
Type: Bug
Submit Date: 2014-02-18
Status: Resolved
Updated Date: 2014-08-29
Project Name: JDK
Resolved Date: 2014-04-21
Component: xml
OS: windows_7
Sub-Component: jaxb
CPU: x86_64
Priority: P3
Resolution: Fixed
Affected Versions: 7u51
Fixed Versions: 7u65 (b09)

Related Reports
Backport:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) Client VM (build 24.51-b03, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

EXTRA RELEVANT SYSTEM CONFIGURATION :
Activate the SecurityManager and use a policy file (see Source Code)

A DESCRIPTION OF THE PROBLEM :
When creating a new instance of JAXBContext via javax.xml.bind.JAXBContext.newInstance(Class...), an active SecurityManager prevents access and throws an AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks").
It's required to give the application the java.lang.reflect.ReflectPermission - suppressAccessChecks, which is not acceptable.

In the prior release 7u45 the code works without that permission.

REGRESSION.  Last worked in version 7u45

ADDITIONAL REGRESSION INFORMATION: 
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) Client VM (build 24.45-b08, mixed mode, sharing)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a class (see Source code) that creates a JAXBContext and run it with an active SecurityManager, e.g. with the following VM arguments:

-Djava.security.manager 
-Djava.security.debug="access,failure"
-Djava.security.policy=C:\temp\jdk7u51Bug.policy


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Creation of JAXBContext succeeds without an exception
ACTUAL -
An exception is thrown at runtime (see Error Messages).

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.ExceptionInInitializerError
	at com.sun.xml.internal.bind.v2.model.impl.RuntimeModelBuilder.<init>(RuntimeModelBuilder.java:76)
	at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.getTypeInfoSet(JAXBContextImpl.java:434)
	at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(JAXBContextImpl.java:282)
	at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.<init>(JAXBContextImpl.java:125)
	at com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(JAXBContextImpl.java:1147)
	at com.sun.xml.internal.bind.v2.ContextFactory.createContext(ContextFactory.java:130)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:248)
	at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:235)
	at javax.xml.bind.ContextFinder.find(ContextFinder.java:445)
	at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:637)
	at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:584)
	at JaxBJdk7u51Bug.main(JaxBJdk7u51Bug.java:25)
Caused by: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
	at java.security.AccessController.checkPermission(AccessController.java:559)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:128)
	at com.sun.xml.internal.bind.v2.model.impl.Utils.<clinit>(Utils.java:59)
	... 16 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
=================
file JaxBJdk7u51Bug.java
=================
import javax.xml.bind.*;
public class JaxBJdk7u51Bug {
    public static void main(String[] args) {
	try {
	    JAXBContext context = JAXBContext.newInstance(JaxBJdk7u51Bug.class);
	    // do something with context
	} catch (JAXBException e) {
	    e.printStackTrace();
	}
    }
}
==============
file jdk7u51Bug.policy
==============
grant {
	permission java.util.PropertyPermission "mapAnyUriToUri","read";
	permission java.util.PropertyPermission "com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl.fastBoot", "read";
	permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.bind.v2";
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	permission java.util.PropertyPermission "com.sun.xml.internal.bind.v2.runtime.Coordinator.debugTableNPE", "read";
};
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Use either a different JAXB implementation or grant your application the ReflectPermission (maybe with doPrivileged)


                                    

Comments
SQE OK to take the fix into CPU14_03 - no product issues related to the fix in the nightly test run results.
                                     
2014-04-18
SQE would prefer to have the https://bugs.openjdk.java.net/browse/JDK-8040014 resolved first.
                                     
2014-04-14
No, I don't think it makes sense. It just means the bug has been submitted externally.
                                     
2014-04-01
Iardo, there should be a doPrivileged section added:

com/sun/xml/internal/bind/v2/model/impl/Utils.java:59:

53    static { // we statically initializing REFLECTION_NAVIGATOR property
54       Class refNav = null;
55        try {
56            refNav = Class.forName("com.sun.xml.internal.bind.v2.model.nav.ReflectionNavigator");
57            //noinspection unchecked
58            Method getInstance = refNav.getDeclaredMethod("getInstance");
59            getInstance.setAccessible(true);
60            //noinspection unchecked
61            REFLECTION_NAVIGATOR = (Navigator<Type, Class, Field, Method>) getInstance.invoke(null);
62        } catch (ClassNotFoundException e) {

It might be necessary to fix it in all jdk6, jdk7, jdk8 and JAXB trunk
                                     
2014-02-25
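
The doPrivileged pattern suggested in the comment above, as an added example that is not the JDK's actual fix or code from this report. The class and method names (PrivilegedReflectionExample, Navigator) are hypothetical stand-ins for the library-internal classes.

```java
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration; class and method names are hypothetical, not JDK code.
public final class PrivilegedReflectionExample {

    // Stand-in for a library-internal class with a non-public factory method.
    static final class Navigator {
        private static final Navigator INSTANCE = new Navigator();
        private static Navigator getInstance() { return INSTANCE; }
    }

    static final Navigator NAVIGATOR;

    static {
        // Only the reflective lookup and setAccessible run privileged, so the
        // ReflectPermission check stops at this class's protection domain
        // instead of walking up to the application frames on the stack.
        Method getInstance = AccessController.doPrivileged(
            new PrivilegedAction<Method>() {
                @Override
                public Method run() {
                    try {
                        Method m = Navigator.class.getDeclaredMethod("getInstance");
                        m.setAccessible(true);
                        return m;
                    } catch (NoSuchMethodException e) {
                        throw new IllegalStateException(e);
                    }
                }
            });
        try {
            // The accessible Method stays local and is never handed to callers.
            NAVIGATOR = (Navigator) getInstance.invoke(null);
        } catch (ReflectiveOperationException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    public static void main(String[] args) {
        System.out.println("navigator loaded: " + (NAVIGATOR != null));
    }
}
```

doPrivileged only helps when the code source containing the block holds suppressAccessChecks itself; the benefit is that the application's policy grant no longer needs to include it.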


