1) Write a simple negative (junit) test that uses AccessController.checkPermission public void testACCNeg() { try { AccessController.checkPermission(new TestPermission("nonExistPermission")); fail("Authorzation check should have failed"); } catch (SecurityException se) { // ignore } } 2) Run this test with -Djava.security.debug=failure, and you will see output similar to the following: [java] TestCase: testACCNeg [java] ERROR Message: java.lang.NullPointerException [java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:311) [java] at java.security.AccessController.checkPermission(AccessController.java:546) 3) Here is the offending code in AccessController.java: if (!dumpDebug) { debug.println("access denied " + perm); } The conditional is incorrect and the field debug is null -- hence the NPE. The "!" should be removed. Release Regression From : 6u3 The above release value was the last known release where this bug was not reproducible. Since then there has been a regression. Release Regression From : 6 The above release value was the last known release where this bug was not reproducible. Since then there has been a regression. Release Regression From : 6 The above release value was the last known release where this bug was not reproducible. Since then there has been a regression.
|