JDK-8247961 : java.security.debug may raise ClassCircularityError
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 15
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2020-06-20
  • Updated: 2024-03-25
Related Reports
Relates :  
JDK-8051959 - Add thread and timestamp options to java.security.debug system property
Relates :  
JDK-8242565 - Policy initialization issues when the denyAfter constraint is enabled
Description
When execute java application with security manager and enable java.security.debug, the below error may be raised,
Caused by: java.lang.ClassCircularityError: sun/util/resources/cldr/provider/CLDRLocaleDataMetaInfo
	at java.base/java.lang.ClassLoader.defineClass2(Native Method)
	at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1106)
	at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:183)
	at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:784)
	at java.base/jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(BuiltinClassLoader.java:707)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
	at java.base/jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(BuiltinClassLoader.java:708)
	at java.base/jdk.internal.loader.BuiltinClassLoader.findClass(BuiltinClassLoader.java:586)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:632)
	at java.base/java.lang.Class.forName(Class.java:546)
	at java.base/java.util.ServiceLoader.lambda$loadProvider$1(ServiceLoader.java:859)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
	at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:861)
	... 108 more

If not open java.security.debug, no the above error.
Comments
Downgrading to P4, as this is a rare use case in practice and it only occurs if debugging is enabled.
16-09-2020
The attached test.zip can be used to reproduce this issue. The command looks like the below, java -Djava.security.debug=policy -Djava.security.manager -Djava.security.policy=policy -cp signedApp.jar App ... Exception in thread "main" java.util.ServiceConfigurationError: Locale provider adapter "CLDR"cannot be instantiated. at java.base/sun.util.locale.provider.LocaleProviderAdapter.forType(LocaleProviderAdapter.java:199) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.findProviders(LocaleServiceProviderPool.java:302) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObjectImpl(LocaleServiceProviderPool.java:274) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObject(LocaleServiceProviderPool.java:236) at java.base/sun.util.locale.provider.TimeZoneNameUtility.retrieveDisplayNamesImpl(TimeZoneNameUtility.java:197) at java.base/sun.util.locale.provider.TimeZoneNameUtility.retrieveDisplayName(TimeZoneNameUtility.java:150) at java.base/java.util.TimeZone.getDisplayName(TimeZone.java:402) at java.base/java.util.Date.toString(Date.java:1047) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.CertificateValidity.toString(CertificateValidity.java:140) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.X509CertInfo.toString(X509CertInfo.java:307) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.X509CertImpl.toString(X509CertImpl.java:839) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/java.security.CodeSource.toString(CodeSource.java:498) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.provider.PolicyFile.printPD(PolicyFile.java:1677) at java.base/sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1087) at java.base/sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1041) at java.base/sun.security.provider.PolicyFile.implies(PolicyFile.java:997) at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321) at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353) at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450) at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1152) at java.base/java.lang.System.getProperty(System.java:833) at App.main(App.java:31) Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:64) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481) at java.base/sun.util.locale.provider.LocaleProviderAdapter.forType(LocaleProviderAdapter.java:188) ... 33 more Caused by: java.util.ServiceConfigurationError: sun.util.locale.provider.LocaleDataMetaInfo: Unable to load sun.util.resources.cldr.provider.CLDRLocaleDataMetaInfo at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:584) at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:865) at java.base/java.util.ServiceLoader$ModuleServicesLookupIterator.hasNext(ServiceLoader.java:1078) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1301) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1386) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter$1.run(CLDRLocaleProviderAdapter.java:89) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter$1.run(CLDRLocaleProviderAdapter.java:86) at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter.<init>(CLDRLocaleProviderAdapter.java:86) ... 39 more Caused by: java.util.ServiceConfigurationError: Locale provider adapter "CLDR"cannot be instantiated. at java.base/sun.util.locale.provider.LocaleProviderAdapter.forType(LocaleProviderAdapter.java:199) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.findProviders(LocaleServiceProviderPool.java:302) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObjectImpl(LocaleServiceProviderPool.java:274) at java.base/sun.util.locale.provider.LocaleServiceProviderPool.getLocalizedObject(LocaleServiceProviderPool.java:236) at java.base/sun.util.locale.provider.TimeZoneNameUtility.retrieveDisplayNamesImpl(TimeZoneNameUtility.java:197) at java.base/sun.util.locale.provider.TimeZoneNameUtility.retrieveDisplayName(TimeZoneNameUtility.java:150) at java.base/java.util.TimeZone.getDisplayName(TimeZone.java:402) at java.base/java.util.Date.toString(Date.java:1047) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.CertificateValidity.toString(CertificateValidity.java:140) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.X509CertInfo.toString(X509CertInfo.java:307) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.x509.X509CertImpl.toString(X509CertImpl.java:839) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/java.security.CodeSource.toString(CodeSource.java:498) at java.base/java.lang.String.valueOf(String.java:3367) at java.base/java.lang.StringBuilder.append(StringBuilder.java:167) at java.base/sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1150) at java.base/sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1137) at java.base/sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1101) at java.base/sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1041) at java.base/sun.security.provider.PolicyFile.implies(PolicyFile.java:997) at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321) at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353) at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450) at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1324) at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:689) at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:687) at java.base/java.security.AccessController.doPrivileged(AccessController.java:391) at java.base/java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:687) at java.base/java.lang.ClassLoader.defineClass2(Native Method) at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1106) at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:183) at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:784) at java.base/jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(BuiltinClassLoader.java:707) at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) at java.base/jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(BuiltinClassLoader.java:708) at java.base/jdk.internal.loader.BuiltinClassLoader.findClass(BuiltinClassLoader.java:586) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:632) at java.base/java.lang.Class.forName(Class.java:546) at java.base/java.util.ServiceLoader.lambda$loadProvider$1(ServiceLoader.java:859) at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:861) ... 46 more Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:64) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481) at java.base/sun.util.locale.provider.LocaleProviderAdapter.forType(LocaleProviderAdapter.java:188) ... 95 more Caused by: java.util.ServiceConfigurationError: sun.util.locale.provider.LocaleDataMetaInfo: Unable to load sun.util.resources.cldr.provider.CLDRLocaleDataMetaInfo at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:584) at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:865) at java.base/java.util.ServiceLoader$ModuleServicesLookupIterator.hasNext(ServiceLoader.java:1078) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1301) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1386) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter$1.run(CLDRLocaleProviderAdapter.java:89) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter$1.run(CLDRLocaleProviderAdapter.java:86) at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) at java.base/sun.util.cldr.CLDRLocaleProviderAdapter.<init>(CLDRLocaleProviderAdapter.java:86) ... 101 more Caused by: java.lang.ClassCircularityError: sun/util/resources/cldr/provider/CLDRLocaleDataMetaInfo at java.base/java.lang.ClassLoader.defineClass2(Native Method) at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1106) at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:183) at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:784) at java.base/jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(BuiltinClassLoader.java:707) at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) at java.base/jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(BuiltinClassLoader.java:708) at java.base/jdk.internal.loader.BuiltinClassLoader.findClass(BuiltinClassLoader.java:586) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:632) at java.base/java.lang.Class.forName(Class.java:546) at java.base/java.util.ServiceLoader.lambda$loadProvider$1(ServiceLoader.java:859) at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:861) ... 108 more
20-06-2020