Name: bsT130419			Date: 10/11/2001


java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1-b24)
Java HotSpot(TM) Client VM (build 1.3.1-b24, mixed mode)

The system property 'java.security.policy' is supposed to accept a URL to read
the policy file from. However, it does not work if the URL refers to a UNC path.

Here is the output, when "java.security.debug=all":
-------
policy: reading file://dhlaptop007/source/out/dist/resources/policy.txt
policy: error parsing file://dhlaptop007/source/out/dist/resources/policy.txt
policy: java.io.FileNotFoundException: \source\out\dist\resources\policy.txt
(The system cannot find the path specified)
java.io.FileNotFoundException: \source\out\dist\resources\policy.txt (The
system cannot find the path specified)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:64)
        at sun.security.provider.PolicyFile.getInputStream(PolicyFile.java:559)
        at sun.security.provider.PolicyFile.init(PolicyFile.java:520)
        at sun.security.provider.PolicyFile.initPolicyFile(PolicyFile.java:330)
        at sun.security.provider.PolicyFile.access$000(PolicyFile.java:89)
        at sun.security.provider.PolicyFile$1.run(PolicyFile.java:232)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.provider.PolicyFile.init(PolicyFile.java:230)
        at sun.security.provider.PolicyFile.<init>(PolicyFile.java:120)
        at java.lang.Class.newInstance0(Native Method)
        at java.lang.Class.newInstance(Class.java:237)
        at java.security.Policy.getPolicyNoCheck(Policy.java:157)
        at java.security.SecureClassLoader.getPermissions
(SecureClassLoader.java:138)
        at java.net.URLClassLoader.getPermissions(URLClassLoader.java:420)
        at sun.misc.Launcher$AppClassLoader.getPermissions(Launcher.java:294)
        at java.security.SecureClassLoader.getProtectionDomain
(SecureClassLoader.java:162)
        at java.security.SecureClassLoader.defineClass
(SecureClassLoader.java:111)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
-------

Looking at sun.security.provider.PolicyFile#getInputStream, the bug is easy to
spot:
-------
    private InputStream getInputStream(URL url) throws IOException {
	if ("file".equals(url.getProtocol())) {
	    String path = url.getFile().replace('/', File.separatorChar);
	    return new FileInputStream(path);
	} else {
	    return url.openStream();
	}
    }
-------
The special case for the "file" protocol does not handle the case where the
host is not 'localhost', as happens with UNC paths.
Since this works with http and other protocols that go across the wire, there
is no reason this should not work with UNC file URLs.
(Review ID: 133442) 
======================================================================