[jira] [Commented] (LANG-744) StringUtils throws java.security.AccessControlException on Google App Engine

Thu, 25 Aug 2011 07:43:54 -0700 

    [ 
https://issues.apache.org/jira/browse/LANG-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13091043#comment-13091043
 ] 

Gary D. Gregory commented on LANG-744:
--------------------------------------

This is not a bug but the way Java Security Manager is designed to work. 

The patch should be reverted IMO because the exception is correct. 

This does not only happen with GAE, it happens anytime when running under 
Java's security manager ({{-Djava.security.manager}})

I do not think we should swallow the exception. In my case, I need to give 
proper rights to the code.

In my test at work with the security manager enabled I see: 

{{java.security.AccessControlException: access denied 
(java.lang.RuntimePermission accessClassInPackage.sun.text)}}

Which means I need to add the following to my .policy file:

{noformat}
grant {
  // ...  
  // Apache Commons Lang3
  permission java.lang.RuntimePermission "accessClassInPackage.sun.text";
  // ...
};
{noformat}



> StringUtils throws java.security.AccessControlException on Google App Engine
> ----------------------------------------------------------------------------
>
>                 Key: LANG-744
>                 URL: https://issues.apache.org/jira/browse/LANG-744
>             Project: Commons Lang
>          Issue Type: Bug
>          Components: lang.*
>    Affects Versions: 3.0.1
>         Environment: Google App Engine
>            Reporter: Clément Denis
>             Fix For: 3.0.2
>
>
> In the static initializer of org.apache.commons.lang3.StringUtils, there is 
> an attempt to load the class sun.text.Normalizer.
> Such a class is prohibited on Google App Engine, and the static intializer 
> throws a java.security.AccessControlException.
> {code}
> Caused by: java.security.AccessControlException: access denied 
> (java.lang.RuntimePermission accessClassInPackage.sun.text)
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:546)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>       at 
> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
>       at 
> java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
>       at java.lang.Class.checkMemberAccess(Class.java:2164)
>       at java.lang.Class.getMethod(Class.java:1602)
>       at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:739)
> {code}
> The exception should be caught in the catch clauses around 
> loadClass("sun.text.Normalizer").
> Commons lang 2 worked fine on GAE.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to