JDK-4420304 : Regression: access denied java.security.SecurityPermission putProvider
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 1.3.1
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2000
  • CPU: x86
  • Submitted: 2001-03-01
  • Updated: 2001-03-06
  • Resolved: 2001-03-06
Related Reports
Duplicate :  
JDK-4416056 - Application requesting JRE 1.4.0-beta could not be launched (B58)
Description

Name: boT120536			Date: 02/28/2001


Java(TM) Plug-in: Version 1.3.1
Using JRE version 1.3.1-beta Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\pboysen
Proxy Configuration: no proxy


My application and security has worked for all previous versions
including JDK1.3._01.  I now get an AccessControlException.  The applet is
signed and I also have a security policy file the client uses. JCE is an
installed extension (jce1_2_1.jar,local_policy.jar,sunjce_provider.jar and
US_export_policy.jar are in JRE/1.3.1/lib/ext).

The error, policy file and source code are listed below:

java.security.AccessControlException: access denied
(java.security.SecurityPermission putProviderProperty.SunJCE)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkSecurityAccess(Unknown Source)
	at sun.plugin.ActivatorSecurityManager.checkSecurityAccess(Unknown
Source)
	at java.security.Provider.check(Unknown Source)
	at java.security.Provider.put(Unknown Source)
	at com.sun.crypto.provider.b.run([DashoPro-V1.2-120198])
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.crypto.provider.SunJCE.<init>([DashoPro-V1.2-120198])
	at edu.iastate.ecademy.server.NetPacket.setSecurity(NetPacket.java:577)
	at edu.iastate.ecademy.server.NetPacket.send(NetPacket.java:622)
	at
edu.iastate.ecademy.tools.applet.EcademyApplet.dbSend(EcademyApplet.java:921)
	at
edu.iastate.ecademy.tools.applet.EcademyApplet.login(EcademyApplet.java:1012)
	at Login.actionPerformed(Login.java:111)
.....

/* AUTOMATICALLY GENERATED ON Wed Feb 28 14:01:19 CST 2001*/
/* DO NOT EDIT */


grant codeBase "http://webacademy.cc.iastate.edu/-" {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
  permission java.awt.AWTPermission "accessClipboard";
  permission java.lang.RuntimePermission "queuePrintJob";
  permission javax.sound.sampled.AudioPermission "*", "play,record";
  permission java.security.SecurityPermission "insertProvider.SunJCE";
/* I tried putting the putProviderProperty.SunJCE here but it made no difference
*/
  permission java.net.SocketPermission "*", "accept, connect";
  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.audio";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.audio";
  permission java.lang.RuntimePermission "loadLibrary.*";
};

    /*******************************************************************
    *                       Client-side methods                        *
    *******************************************************************/

    /**
    * Use Diffie-Hellman key agreement to establish a shared secret and
    * create the ciphers for use for all Client-Server communication
    */
    public static synchronized void setSecurity()
        throws EcademyException {
        if (isSecure()) return;
        try {
 error===>>           Security.addProvider(new SunJCE());
            KeyRec rec = rmiServer.getKeyRec();
            if (rec.encodedKey != null) {
                KeyFactory keyFactory = KeyFactory.getInstance("DH");
                X509EncodedKeySpec x509KeySpec = new
X509EncodedKeySpec(rec.encodedKey);
                PublicKey serverPubKey = keyFactory.generatePublic(x509KeySpec);
                DHParameterSpec dhParamSpec =
((DHPublicKey)serverPubKey).getParams();
                KeyPairGenerator keyPairGen =
KeyPairGenerator.getInstance("DH");
                byte[] seed = new byte[32];
                (new Random()).nextBytes(seed);
                keyPairGen.initialize(dhParamSpec,new SecureRandom(seed));
                KeyPair keypair = keyPairGen.generateKeyPair();
                KeyAgreement keyagreement = KeyAgreement.getInstance("DH");
                keyagreement.init(keypair.getPrivate());
                rec.encodedKey = keypair.getPublic().getEncoded();
                keyagreement.doPhase(serverPubKey, true);
                SecretKey secretKey = keyagreement.generateSecret("DES");
                encrypt = Cipher.getInstance("DES");
                encrypt.init(Cipher.ENCRYPT_MODE,secretKey);
                decrypt = Cipher.getInstance("DES");
                decrypt.init(Cipher.DECRYPT_MODE,secretKey);
            } else {
                encrypt = new NullCipher();
                decrypt = new NullCipher();
            }
            rmiServer.validateTicket(rec);
            // this needs to be last because it is used to indicate the client
is now secure
            masterKey = rec.ticketKey;
        }
        catch (RemoteException gse) {
            throw new
EcademyException(EcademyException.BAD_COMMAND,gse.toString());
        }
        catch (GeneralSecurityException gse) {
            throw new
EcademyException(EcademyException.BAD_COMMAND,gse.toString());
        }
    }
(Review ID: 117868) 
======================================================================
Comments
EVALUATION yu-ching.peng@Eng 2001-03-05 Through the email exchanges with Pete who filed this bug, it is verified that this is caused by File.toURL() encoding changes in ladybird. This bug happens for every Window JRE installation with space in the path, for example C:\Program Files\jre1.3.1After Pete reinstalled the JRE under C:\ProgramFiles\jre1.3.1, the problem goes away. So I am closing this bug as a duplicate of 4416056.
11-06-2004