Bug ID: JDK-8169314 Service.<init> fails with SecurityException, java.xml.ws not granted permission to access system catalog

Type: Bug
Component: xml
Sub-Component: jax-ws
Affected Version: 9

Priority: P2
Status: Closed
Resolution: Not an Issue

Submitted: 2016-11-07
Updated: 2017-01-31
Resolved: 2017-01-31

JDK 9
9Resolved

As reported here:
http://mail.openjdk.java.net/pipermail/jdk9-dev/2016-November/005171.html

The use JAX-WS implementation uses the JAXP CatalogManager API to get the system catalog but it has insufficient permissions to this this and so fails. This code is currently being changed to use the new XML Catalog API and so testing should be done with a security manager to see if the same issue arises. 

Note that this issue could potentially be a JAXP issue, maybe the JAXP code is missing a doPrivileged block to obtain the system catalog without needing the caller to have the permissions. Also note that this is a regression in JDK 9, the issue does not happen with JDK 8.

The attached reproducer passes on 9+154. Fails with the following exception (similar to the provided in e-mail) on 9+135: java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/aefimov/Oracle/BUGS/JAX-WS_B/JDK-8169314_Service_ctr_SecException/JDK-8169314_reproducer/basename" "read") at java.security.AccessControlContext.checkPermission(java.base@9-ea/AccessControlContext.java:468) at java.security.AccessController.checkPermission(java.base@9-ea/AccessController.java:894) at java.lang.SecurityManager.checkPermission(java.base@9-ea/SecurityManager.java:548) at java.lang.SecurityManager.checkRead(java.base@9-ea/SecurityManager.java:887) at java.io.File.isDirectory(java.base@9-ea/File.java:845) at java.io.File.toURI(java.base@9-ea/File.java:733) at com.sun.org.apache.xml.internal.resolver.helpers.FileURL.makeURL(java.xml@9-ea/FileURL.java:85) at com.sun.org.apache.xml.internal.resolver.Catalog.parseCatalogFile(java.xml@9-ea/Catalog.java:812) at com.sun.org.apache.xml.internal.resolver.Catalog.parsePendingCatalogs(java.xml@9-ea/Catalog.java:751) at com.sun.org.apache.xml.internal.resolver.Catalog.parseCatalog(java.xml@9-ea/Catalog.java:599) at com.sun.org.apache.xml.internal.resolver.Catalog.loadSystemCatalogs(java.xml@9-ea/Catalog.java:574) at com.sun.org.apache.xml.internal.resolver.CatalogManager.getPrivateCatalog(java.xml@9-ea/CatalogManager.java:719) at com.sun.org.apache.xml.internal.resolver.CatalogManager.getCatalog(java.xml@9-ea/CatalogManager.java:746) at com.sun.xml.internal.ws.util.xml.XmlUtil.createDefaultCatalogResolver(java.xml.ws@9-ea/XmlUtil.java:314) at com.sun.xml.internal.ws.client.WSServiceDelegate.createCatalogResolver(java.xml.ws@9-ea/WSServiceDelegate.java:363) at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(java.xml.ws@9-ea/WSServiceDelegate.java:349) at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws@9-ea/WSServiceDelegate.java:307) at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws@9-ea/WSServiceDelegate.java:216) at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws@9-ea/WSServiceDelegate.java:197) at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws@9-ea/WSServiceDelegate.java:193) at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(java.xml.ws@9-ea/ProviderImpl.java:104) at javax.xml.ws.Service.<init>(java.xml.ws@9-ea/Service.java:77) at javax.xml.ws.Service.create(java.xml.ws@9-ea/Service.java:707) at TestWsImport.main(TestWsImport.java:49) Will close it as not an issue.

31-01-2017

Standalone application that can be used to reproduce problem on builds < 9+146 is attached

31-01-2017