JDK-8218618 : Program fails when using JDK addressed by UNC path and using Security Manager
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 9,10,11,12,13
- Priority: P3
- Status: Closed
- Resolution: Fixed
- OS: windows_10
- CPU: x86_64
- Submitted: 2019-02-06
- Updated: 2021-07-12
- Resolved: 2019-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 12 | JDK 13 |
|---|---|---|
| 11.0.13-oracleFixed | 12.0.2Fixed | 13 b12Fixed  |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
ADDITIONAL SYSTEM INFORMATION :
We found the problem in Java 11.0.1 and it is still present 11.0.2. We can reproduce it on Windows 10, didn't try other OS.
Bug is present in early adopter Versions of Java 12 and Java 13.
A DESCRIPTION OF THE PROBLEM :
Running a Java program with a JDK that is addressed with a UNC path, the program fails upon the initialization of the SecurityManager when the default.policy file is loaded.
The reason is in the code for loading the policy file, it ignores the host part of the UNC path and the file is addressed as a local file and therefore cannot be found.
The Problem is in the PolicyUtil class, in the method getInputStream(URL). Here is the method for reference:
/*
* Fast path reading from file urls in order to avoid calling
* FileURLConnection.connect() which can be quite slow the first time
* it is called. We really should clean up FileURLConnection so that
* this is not a problem but in the meantime this fix helps reduce
* start up time noticeably for the new launcher. -- DAC
*/
public static InputStream getInputStream(URL url) throws IOException {
if ("file".equals(url.getProtocol())) {
String path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
return new FileInputStream(path);
} else {
return url.openStream();
}
}
The url.getFile() part ignores the host part of the UNC path.
REGRESSION : Last worked in version 8u202
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Place a JDK on a network device.
2. Create a Java program where the Security Manager is being used. (see executable test case code)
3. Compile the program, place it on your local computer.
4. Run the program using the JDK on the network drive, address it using its UNC name.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Program is executed without exception.
ACTUAL -
Exception in thread "main" java.lang.InternalError: Failed to load default.policy
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:553)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:358)
at java.base/sun.security.provider.PolicyFile$3.run(PolicyFile.java:355)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:355)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:345)
at java.base/sun.security.provider.PolicyFile.<init>(PolicyFile.java:298)
at java.base/java.security.Policy.loadPolicyProvider(Policy.java:207)
at java.base/java.security.Policy.getPolicyNoCheck(Policy.java:178)
at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321)
at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1034)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1324)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
Caused by: java.io.FileNotFoundException: \home\jdk-11\lib\security\default.policy (Das System kann den angegebenen Pfad nicht finden)
at java.base/java.io.FileInputStream.open0(Native Method)
at java.base/java.io.FileInputStream.open(FileInputStream.java:213)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:155)
at java.base/java.io.FileInputStream.<init>(FileInputStream.java:110)
at java.base/sun.security.util.PolicyUtil.getInputStream(PolicyUtil.java:60)
at java.base/sun.security.provider.PolicyFile.init(PolicyFile.java:511)
... 17 more
---------- BEGIN SOURCE ----------
// This code should be invoked with a JRE that is located on a network drive addressing it with its UNC name, example call on Windows cmd:
// \\remote.example.com\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
public class PolicyUtilTester
{
public static void main(String[] args){
SecurityManager appsm = System.getSecurityManager();
appsm.checkExit(0);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
If the network drive is mapped, the program can be called this way:
H:\home\jdk-11\bin\java -Djava.security.manager=default PolicyUtilTester
In our case this is not a practical solution.
FREQUENCY : always
Comments
|