FULL PRODUCT VERSION :
java version "1.5.0_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_02-b09)
Java HotSpot(TM) Client VM (build 1.5.0_02-b09, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Windows XP
A DESCRIPTION OF THE PROBLEM :
When the default "sandbox" SecurityManager is installed (example: WebStart apps w/o all-permissions tag), the PropertyEditoryManager is unable to access/instantiate the sun.beans.editors.fooEditor classes.
The inability to alter the editor search path or call registerEditor() (because the code does not have checkPropertiesAccess() permission also prevents the developer from shipping replacement PropertyEditor's.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run test case with and without an installed SecurityManager
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
java BugDemo:
sun.beans.editors.StringEditor
java -Djava.security.manager WSBugDemo
sun.beans.editors.StringEditor
ACTUAL -
java BugDemo:
sun.beans.editors.StringEditor
java -Djava.security.manager BugDemo
failure
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
public class BugDemo {
public static void main(String[] args) {
PropertyEditor pe = PropertyEditorManager.findEditor(String.class);
if (pe == null) {
System.out.println("failure");
} else {
System.out.println(pe.getClass().getName());
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The default security policy file can be altered. This requires the user to dig in the internals of the VM installation.
The application can be shipped with the Java WebStart <all-permissions> tag, however, for security-conscious users, this may be unacceptable.
The implementation of PropertyEditorManager can be altered to wrap the instantiation of the sun.beans.editors.fooEditor in a PrivledgedAction, but it is against the Java license to ship an altered core class.
###@###.### 2005-04-20 17:21:21 GMT