[Bug 65106] New: ConfigFileLoader cannot properly handle file url running with SecurityManager on openjdk 1.8

Tue, 26 Jan 2021 04:57:05 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=65106

            Bug ID: 65106
           Summary: ConfigFileLoader cannot properly handle file url
                    running with SecurityManager on openjdk 1.8
           Product: Tomcat 8
           Version: 8.5.61
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: j.no...@quadient.com
  Target Milestone: ----

Created attachment 37718
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37718&action=edit
zip file with screens

spring-boot 1.5.22 creates instance of Http11NioProtocol with certificate
keystore file defined with file url. Images set-url.png, set-url2.png.

When it reaches ConfigFileLoader, location is not absolute so it puts
catalina_base before file url creating "c:/tmp/catalina/file:/c:/tmp/my.jks".
Check if it is file throws AccessControlException (access denied
("java.io.FilePermission" "C:\tmp\120\a\catalina\file:\C:\tmp\120\key.jks"
"read")
). And it is impossible to create such a policy for SecurityManager.
- ConfigFileLoader.png
- ConfigFileLoader.png
- exception.png

getInputStream method can handle file url but when using SecurityManager under
zulu, correto.

Oracle java 1.8 works correctly. SecurityManager has no complains about such
weird path. Just openjdks have problem.

Fails on
- zulu openjdk newer - zulu8.42.0.23-ca-jdk8.0.232-win_x64
- correto 1.8.0_282


```
   public static InputStream getInputStream(String location) throws IOException
{
        File f = new File(location);
        if (!f.isAbsolute()) {
            f = new File(CATALINA_BASE_FILE, location);
        }

        if (f.isFile()) {
            return new FileInputStream(f);
        } else {
            URI uri = getURI(location);

            try {
                URL url = uri.toURL();
                return url.openConnection().getInputStream();
            } catch (IllegalArgumentException var4) {
                throw new
IOException(sm.getString("configFileLoader.cannotObtainURL", new
Object[]{location}), var4);
            }
        }
    }
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to