JDK-8288475 : Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util
  • Affected Version: 17,18
  • Priority: P4
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: generic
  • CPU: generic
  • Submitted: 2022-06-15
  • Updated: 2024-05-22
  • Resolved: 2024-05-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 23
23Resolved
Related Reports
Relates :  
JDK-8330005 - RandomGeneratorFactory.getDefault() throws exception when the runtime image only has java.base module
Description
Reproducer:

    import java.util.random.RandomGeneratorFactory;
    
    public class RandomProviders {
        public static void main(String[] args) {
            if (System.getSecurityManager() == null) {
                throw new AssertionError("Expected to run with a SecurityManager");
            }
            RandomGeneratorFactory.all();
        }
    }

Fails with this stack trace:

Exception in thread "main" java.util.ServiceConfigurationError: java.util.random.RandomGenerator: Unable to load jdk.random.L32X64MixRandom
        at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:586)
        at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:870)
        at java.base/java.util.ServiceLoader$ModuleServicesLookupIterator.hasNext(ServiceLoader.java:1084)
        at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
        at java.base/java.util.ServiceLoader$ProviderSpliterator.tryAdvance(ServiceLoader.java:1491)
        at java.base/java.util.Spliterator.forEachRemaining(Spliterator.java:332)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
        at java.base/java.util.random.RandomGeneratorFactory$FactoryMapHolder.createFactoryMap(RandomGeneratorFactory.java:146)
        at java.base/java.util.random.RandomGeneratorFactory$FactoryMapHolder.<clinit>(RandomGeneratorFactory.java:134)
        at java.base/java.util.random.RandomGeneratorFactory.getFactoryMap(RandomGeneratorFactory.java:165)
        at java.base/java.util.random.RandomGeneratorFactory.all(RandomGeneratorFactory.java:385)
        at test.se17/test.se17.RandomProviders.main(RandomProviders.java:9)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.util.random")
        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
        at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
        at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
        at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:690)
        at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:688)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
        at java.base/java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:688)
        at java.base/java.lang.ClassLoader.defineClass2(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1103)
        at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:182)
        at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)
        at java.base/jdk.internal.loader.BuiltinClassLoader.lambda$findClassInModuleOrNull$2(BuiltinClassLoader.java:743)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
        at java.base/jdk.internal.loader.BuiltinClassLoader.findClassInModuleOrNull(BuiltinClassLoader.java:744)
        at java.base/jdk.internal.loader.BuiltinClassLoader.findClass(BuiltinClassLoader.java:621)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:632)
        at java.base/java.lang.Class.forName(Class.java:545)
        at java.base/java.util.ServiceLoader.lambda$loadProvider$1(ServiceLoader.java:864)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
        at java.base/java.util.ServiceLoader.loadProvider(ServiceLoader.java:866)
        ... 14 more


Suggested fix:

1. Grnat codeBase "jrt:/jdk.random" the RuntimePermission "accessClassInPackage.jdk.internal.util.random".
2. (???) `RandomGeneratorFactory.all().toList()` still fails, with exception:

Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.util.random")
	at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
	at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
	at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
	at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	at java.base/java.lang.Class.forName0(Native Method)
	at java.base/java.lang.Class.forName(Class.java:467)
	at java.base/sun.reflect.generics.factory.CoreReflectionFactory.makeNamedType(CoreReflectionFactory.java:114)
	at java.base/sun.reflect.generics.visitor.Reifier.visitClassTypeSignature(Reifier.java:125)
	at java.base/sun.reflect.generics.tree.ClassTypeSignature.accept(ClassTypeSignature.java:49)
	at java.base/sun.reflect.annotation.AnnotationParser.parseSig(AnnotationParser.java:441)
	at java.base/sun.reflect.annotation.AnnotationParser.parseAnnotation2(AnnotationParser.java:241)
	at java.base/sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:121)
	at java.base/sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:73)
	at java.base/java.lang.Class.createAnnotationData(Class.java:4068)
	at java.base/java.lang.Class.annotationData(Class.java:4057)
	at java.base/java.lang.Class.getAnnotation(Class.java:3940)
	at java.base/java.lang.reflect.AnnotatedElement.isAnnotationPresent(AnnotatedElement.java:292)
	at java.base/java.lang.Class.isAnnotationPresent(Class.java:3950)
	at java.base/java.util.random.RandomGeneratorFactory.lambda$all$0(RandomGeneratorFactory.java:388)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178)
	at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1761)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
	at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
	at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
	at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
	at test.se17/test.se17.SecurityManagerFactory.main(SecurityManagerFactory.java:6)
Comments
Fixed with JDK-8330005.
22-05-2024
The classes in module `jdk.random` have been moved to `java.base`, so this issue is no longer observable.
22-05-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9180 Date: 2022-06-16 07:08:20 +0000
16-06-2022
Needs to add grant codeBase "jrt:/jdk.random" { permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.util.random"; }; to src/java.base/share/lib/security/default.policy (So classes inside jdk.internal.util.random can access themself.) The annotation processing (checking for deprecated annotations) still fails after that change. Parsing annotations should not be done on user classes from a privileged context.
15-06-2022
Need to add PriviledgedAction wrapper around access code.
15-06-2022