|
Duplicate :
|
|
|
Relates :
|
|
|
Relates :
|
FULL PRODUCT VERSION :
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b18, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
StackOverflowError during PolicyFile lookup
A DESCRIPTION OF THE PROBLEM :
Running a custom Security Manager works fine until a specific point. Then we get a StackOverflow when reading the policy file. This bug has been fixed for JDK 9 but not been backported to JDK 8:
Former Bug Ticket
JDK-8077418
Our Custom Security Manager catches the exception of of a security violation and only logs it. (like a dryrun)
Please backport the fix to JDK 8. Until then working with a Custom Security Manager is not possible as it can lead to
REGRESSION. Last worked in version 9
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This is an old bug. The fix has not been backported to jdk 8 but fixed in jdk 9:
JDK-8077418
Run java security with a custom security manager (like the one we posted) and let it run some time.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Logging of the missing permission which caused the security exception
ACTUAL -
package de.kvb.common.security.manager;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
/**
* Custom SecurityManager for logging access violations instead of throwing Exceptions
*/
public class KvbSecurityManager extends SecurityManager {
public KvbSecurityManager() {
}
@Override
public void checkPermission(Permission perm) {
try {
super.checkPermission(perm);
} catch(AccessControlException e) {
System.out.println(perm);
}
}
}
ERROR MESSAGES/STACK TRACES THAT OCCUR :
package de.kvb.common.security.manager;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
/**
* Custom SecurityManager for logging access violations instead of throwing Exceptions
*/
public class KvbSecurityManager extends SecurityManager {
public KvbSecurityManager() {
}
@Override
public void checkPermission(Permission perm) {
try {
super.checkPermission(perm);
} catch(AccessControlException e) {
System.out.println(perm);
}
}
}
REPRODUCIBILITY :
This bug can be reproduced often.
---------- BEGIN SOURCE ----------
package de.kvb.common.security.manager;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
/**
* Custom SecurityManager for logging access violations instead of throwing Exceptions
*/
public class KvbSecurityManager extends SecurityManager {
public KvbSecurityManager() {
}
@Override
public void checkPermission(Permission perm) {
try {
super.checkPermission(perm);
} catch(AccessControlException e) {
System.out.println(perm);
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
No workaround possible
|