Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions

Ralph G. Puga (puga@tis.com)
Tue, 11 Aug 1998 14:47:36 -0400

Date: Tue, 11 Aug 1998 14:47:36 -0400
From: "Ralph G. Puga" <puga@tis.com>
To: schemers@Eng
Subject: Re: jdk1.2beta3/4 changes in codeBase interpretation for permissions

This is a multi-part message in MIME format.
--------------0DB3982D6CEFB134F306937B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Roland,

I tried this again and the output is attached. Any ideas ?

Thanks again,
--Ralph P.

schemers@Eng.Sun.COM wrote:

> Hum. It should work. You could try running with debug turned on to
> see what is happening. In particular, try:
>
> java -Djava.security.debug=access,failure,policy ...
>
> That might help track down your problem.
>
> roland
>
> Ralph G. Puga writes:
> > Roland,
> >
> > I tried running the same program with the "file:/-" option as you suggested and I
> > received the following error messages: (See the attachment).
> >
> > I then tried the same program with "file:/home" (since my program is relative to the
> > /home directory) as the codeBase and it worked. Any ideas on this issue ?
> >
> > I also tried other combinations like "file:/home/-" with the same failure results.
> >
> >
> > Thanks again,
> > --Ralph P.
> >
> >
> >
> > schemers@Eng.Sun.COM wrote:
> >
> > > Robert Watson writes:
> > > > This email is with regards to a change moving from jdk1.2beta3 to jdk1.2beta4.
> > > > Under 1.2beta3, we were able to specify permissions to apply to locally loaded
> > > > code by using the "file:/" codebase in the Java policy file. Under
> > > > jdk1.2beta4, however, this no longer appears to work. Here is some source
> > > > code and some sample policy files:
> > >
> > > This should be documented in the policy docs. Instead of:
> > >
> > > grant codeBase "file:/" {
> > >
> > > You need to use:
> > >
> > > grant codeBase "file:/-" {
> > >
> > > This is the same syntax the FilePermission uses. We had a number of
> > > requests to make this change, in order to make it explict.
> > >
> > > roland
> > >
> >
> >
> >
> >
> >
> > --
> > Ralph G. Puga puga@tis.com
> > TIS Labs/Network Associates Inc. Washington (301) 854-5323
> > 3060 Washington Road (Voice) Baltimore (410) 442-1673 (x323)
> > Glenwood, MD 21738 FAX (301) 854-5363
> >
> > Exception in thread "main" java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
> > at java.security.AccessControlContext.checkPermission(Compiled Code)
> > at java.security.AccessController.checkPermission(Compiled Code)
> > at test.main(Compiled Code)
>

--
Ralph G. Puga                            puga@tis.com
TIS Labs/Network Associates Inc.         Washington (301) 854-5323
3060 Washington Road              (Voice) Baltimore (410) 442-1673 (x323)
Glenwood, MD 21738                       FAX (301) 854-5363

--------------0DB3982D6CEFB134F306937B Content-Type: text/plain; charset=us-ascii; name="foo" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="foo"

access: access allowed (java.io.FilePermission /home/puga/projects/netsec/tests/policy-test/- read) policy: reading file:/home/puga/projects/netsec/tests/policy-test/test-policy-3 policy: Adding policy entry: policy: signedBy null policy: codeBase file:/- policy: policy: (java.security.AllPermission <all permissions> <all actions>) policy: policy: overriding other policies! policy: evaluate((file:/home/puga/projects/netsec/tests/policy-test/ <no certificates>)) access: access denied (java.security.AllPermission <all permissions> <all actions>) java.lang.Exception: Stack trace at java.lang.Thread.dumpStack(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at test.main(Compiled Code) access: domain that failed ProtectionDomain (file:/home/puga/projects/netsec/tests/policy-test/ <no certificates>) java.security.Permissions@34e68cfa ( (java.lang.RuntimePermission accessClassInPackage.* ) (java.lang.RuntimePermission exitVM ) (java.lang.RuntimePermission defineClassInPackage.* ) (java.security.AllPermission <all permissions> <all actions>) (java.io.FilePermission /home/puga/projects/netsec/tests/policy-test/- read) )

Exception in thread "main" java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at test.main(Compiled Code)

--------------0DB3982D6CEFB134F306937B--