Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From: Scott Palmer swpal...@gmail.com To: Kevin Rushforth kevin.rushfo...@oracle.com, Cc: openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs. -- Kevin Kevin Rushforth wrote: Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough. I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot in their current form, in which case new bugs should be filed with the confidential information moved to confidential comments in the bug. I will help with this. -- Kevin Scott Palmer wrote: Drat... I was hoping to see something much sooner, like 8u20 (obviously too late now) or 8u40. I'm unable to use Web Start deployment because of this. Is it necessary for these issues to be blocked from anonymous viewing? Thanks for the update. Scott On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote: These are now assigned to Dmitry Cherapanov who I have copied here in case he isn't on the openjfx alias. They are both targeted to JDK 9. -- Kevin Scott Palmer wrote: I tried to send an email to Thomas asking about the status of these issues (they are not visible to me), but the email bounced (user unknown). Could someone let me know the status? Thanks, Scott On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote: Thanks for the report! Two bugs created for this: security manager and applet-desc webstart mode: https://bugs.openjdk.java.net/browse/JDK-8040231 reflection in daemon thread: https://bugs.openjdk.java.net/browse/JDK-8040699 -thomas *From: *Scott Palmer swpal...@gmail.com mailto:swpal...@gmail.com *Subject: **All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager* *Date: *April 14, 2014 at 1:07:36 PM PDT *To: *openjfx-dev@openjdk.java.net mailto:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net mailto:openjfx-dev@openjdk.java.net Can someone confirm that all-permissions is working for JavaFX apps that are launched via Web Start with Java 8.0 and use daemon threads in a Service
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Hi Neil, If you have a test program that you can send me, I can attach it for you. Question for you: are all of your jar files (including the third-party libs) signed with the same certificate? -- Kevin ngalarn...@abinitio.com wrote: Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From:Scott Palmer swpal...@gmail.com To:Kevin Rushforth kevin.rushfo...@oracle.com, Cc:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs. -- Kevin Kevin Rushforth wrote: Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough. I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot in their current form, in which case new bugs should be filed with the confidential information moved to confidential comments in the bug. I will help with this. -- Kevin Scott Palmer wrote: Drat... I was hoping to see something much sooner, like 8u20 (obviously too late now) or 8u40. I'm unable to use Web Start deployment because of this. Is it necessary for these issues to be blocked from anonymous viewing? Thanks for the update. Scott On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote: These are now assigned to Dmitry Cherapanov who I have copied here in case he isn't on the openjfx alias. They are both targeted to JDK 9. -- Kevin Scott Palmer wrote: I tried to send an email to Thomas asking about the status of these issues (they are not visible to me), but the email bounced (user unknown). Could someone let me know the status? Thanks, Scott On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote: Thanks for the report! Two bugs created for this: security manager and applet-desc webstart mode: https://bugs.openjdk.java.net/browse/JDK-8040231 reflection in daemon thread: https://bugs.openjdk.java.net/browse/JDK-8040699 -thomas *From: *Scott Palmer swpal...@gmail.com mailto:swpal...@gmail.com *Subject: **All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager* *Date: *April 14, 2014 at 1:07:36 PM PDT *To: *openjfx-dev@openjdk.java.net mailto:openjfx-dev@openjdk.java.net openjfx-dev
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
I will see if I can get permission to send you the program. I believe all of my jars are signed with the same certificate. What is the best way to verify that? Thanks Kevin, Neil From: Kevin Rushforth kevin.rushfo...@oracle.com To: ngalarn...@abinitio.com, Cc: Scott Palmer swpal...@gmail.com, dmitry cherepanov dmitry.cherepa...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/16/2014 06:12 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Hi Neil, If you have a test program that you can send me, I can attach it for you. Question for you: are all of your jar files (including the third-party libs) signed with the same certificate? -- Kevin ngalarn...@abinitio.com wrote: Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From:Scott Palmer swpal...@gmail.com To:Kevin Rushforth kevin.rushfo...@oracle.com, Cc:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs. -- Kevin Kevin Rushforth wrote: Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough. I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot in their current form, in which case new bugs should be filed with the confidential information moved to confidential comments in the bug. I will help with this. -- Kevin Scott Palmer wrote: Drat... I was hoping to see something much sooner, like 8u20 (obviously too late now) or 8u40. I'm unable to use Web Start deployment because of this. Is it necessary for these issues to be blocked from anonymous viewing? Thanks for the update. Scott On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote: These are now assigned to Dmitry Cherapanov who I have copied here in case he isn't on the openjfx alias. They are both targeted to JDK 9. -- Kevin Scott Palmer wrote: I tried to send an email to Thomas asking about the status of these issues (they are not visible to me), but the email bounced (user unknown). Could someone let me know the status? Thanks, Scott On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote: Thanks for the report! Two bugs created for this: security manager and applet-desc webstart mode: https://bugs.openjdk.java.net/browse/JDK
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Run: jarsigner -verify -verbose -certs /path/to/some.jar This will show (excessive) signing information as well as the certs used to sign. -DrD- I will see if I can get permission to send you the program. I believe all of my jars are signed with the same certificate. What is the best way to verify that? Thanks Kevin, Neil From: Kevin Rushforth kevin.rushfo...@oracle.com To: ngalarn...@abinitio.com, Cc: Scott Palmer swpal...@gmail.com, dmitry cherepanov dmitry.cherepa...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/16/2014 06:12 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Hi Neil, If you have a test program that you can send me, I can attach it for you. Question for you: are all of your jar files (including the third-party libs) signed with the same certificate? -- Kevin ngalarn...@abinitio.com wrote: Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From:Scott Palmer swpal...@gmail.com To:Kevin Rushforth kevin.rushfo...@oracle.com, Cc:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs. -- Kevin Kevin Rushforth wrote: Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough. I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot in their current form, in which case new bugs should be filed with the confidential information moved to confidential comments in the bug. I will help with this. -- Kevin Scott Palmer wrote: Drat... I was hoping to see something much sooner, like 8u20 (obviously too late now) or 8u40. I'm unable to use Web Start deployment because of this. Is it necessary for these issues to be blocked from anonymous viewing? Thanks for the update. Scott On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote: These are now assigned to Dmitry Cherapanov who I have copied here in case he isn't on the openjfx alias. They are both targeted to JDK 9. -- Kevin Scott Palmer wrote: I tried to send an email to Thomas asking about the status of these issues (they are not visible to me), but the email bounced (user unknown). Could someone let me know the status? Thanks, Scott On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com mailto:thomas.v
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Thank you David. Interesting. Output from my gradle build (which uses the shemnon javafx-plugin) looks like this: ... :classes :jar :jfxJar :jfxSignJar Signing (BLOB) C:\Users\ngalarneau\.gradle\caches\3rdpartylibrary.jar Signed as C:\directory\to\3rdpartylibrary.jar Signing (BLOB) C:\our\test\app.jar Signed as C:\our\test\app.jar :jfxCopyLibs :compilePackageJava UP-TO-DATE :compilePackageGroovy UP-TO-DATE :processPackageResources UP-TO-DATE :packageClasses UP-TO-DATE :jfxDeploy :assemble :compileTestJava UP-TO-DATE :compileTestGroovy UP-TO-DATE :processTestResources UP-TO-DATE :testClasses UP-TO-DATE :test UP-TO-DATE :check UP-TO-DATE :build BUILD SUCCESSFUL And, when I run the Applet, it runs just fine. But yet, when I run the command line David sent, jarsigner reports: jar is unsigned I'm confused. Thanks, Neil From: David DeHaven david.deha...@oracle.com To: ngalarn...@abinitio.com, Cc: Kevin Rushforth kevin.rushfo...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/16/2014 06:18 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Run: jarsigner -verify -verbose -certs /path/to/some.jar This will show (excessive) signing information as well as the certs used to sign. -DrD- I will see if I can get permission to send you the program. I believe all of my jars are signed with the same certificate. What is the best way to verify that? Thanks Kevin, Neil From: Kevin Rushforth kevin.rushfo...@oracle.com To: ngalarn...@abinitio.com, Cc: Scott Palmer swpal...@gmail.com, dmitry cherepanov dmitry.cherepa...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/16/2014 06:12 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Hi Neil, If you have a test program that you can send me, I can attach it for you. Question for you: are all of your jar files (including the third-party libs) signed with the same certificate? -- Kevin ngalarn...@abinitio.com wrote: Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From:Scott Palmer swpal...@gmail.com To:Kevin Rushforth kevin.rushfo...@oracle.com, Cc:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs. -- Kevin Kevin Rushforth wrote: Dmitry can comment further, but it is possible that this issue could be backported to 8u40 if done soon enough. I will double-check whether the bugs can be made non-confidential (so you can at least track progress), but I suspect they cannot
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Oh, right. Blob signing can't be verified with jarsigner... -DrD- Thank you David. Interesting. Output from my gradle build (which uses the shemnon javafx-plugin) looks like this: ... :classes :jar :jfxJar :jfxSignJar Signing (BLOB) C:\Users\ngalarneau\.gradle\caches\3rdpartylibrary.jar Signed as C:\directory\to\3rdpartylibrary.jar Signing (BLOB) C:\our\test\app.jar Signed as C:\our\test\app.jar :jfxCopyLibs :compilePackageJava UP-TO-DATE :compilePackageGroovy UP-TO-DATE :processPackageResources UP-TO-DATE :packageClasses UP-TO-DATE :jfxDeploy :assemble :compileTestJava UP-TO-DATE :compileTestGroovy UP-TO-DATE :processTestResources UP-TO-DATE :testClasses UP-TO-DATE :test UP-TO-DATE :check UP-TO-DATE :build BUILD SUCCESSFUL And, when I run the Applet, it runs just fine. But yet, when I run the command line David sent, jarsigner reports: jar is unsigned I'm confused. Thanks, Neil From:David DeHaven david.deha...@oracle.com To:ngalarn...@abinitio.com, Cc:Kevin Rushforth kevin.rushfo...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/16/2014 06:18 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Run: jarsigner -verify -verbose -certs /path/to/some.jar This will show (excessive) signing information as well as the certs used to sign. -DrD- I will see if I can get permission to send you the program. I believe all of my jars are signed with the same certificate. What is the best way to verify that? Thanks Kevin, Neil From: Kevin Rushforth kevin.rushfo...@oracle.com To: ngalarn...@abinitio.com, Cc: Scott Palmer swpal...@gmail.com, dmitry cherepanov dmitry.cherepa...@oracle.com, openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date: 06/16/2014 06:12 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Hi Neil, If you have a test program that you can send me, I can attach it for you. Question for you: are all of your jar files (including the third-party libs) signed with the same certificate? -- Kevin ngalarn...@abinitio.com wrote: Also, because I can't login, I can't add a comment to the bug report. I am also getting a security exception even though my applet is signed has all permissions. In this case it is happening on a call to getClassLoader() on the JavaFX thread (not a daemon thread): Exception in thread JavaFX Application Thread java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source) at java.lang.ClassLoader.checkClassLoaderPermission(Unknown Source) at java.lang.Class.getClassLoader(Unknown Source) ... The call to getClassLoader() happens from inside a 3rd party library if that matters. When I run the identical code as a desktop application it works fine EVEN WHEN I ADD MY OWN SECURITY MANAGER. Thank you for any help, Neil From:Scott Palmer swpal...@gmail.com To:Kevin Rushforth kevin.rushfo...@oracle.com, Cc:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net Date:06/13/2014 08:19 PM Subject:Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager Sent by:openjfx-dev openjfx-dev-boun...@openjdk.java.net Thank you. Is there a way that people that are not project authors can get notifications of updates? I can’t click to add myself to the watch list or vote without a login, and it seems to be near impossible to get a login. The Account Help” link on the login page is broken and everything I’ve found in the wiki indicates I need to be a project author to get an account. Scott On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote: Hi Scott, I created two new non-confidential bugs and closed the original ones as duplicates. Here are the new bugs: reflection in daemon thread: JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager security manager and applet-desc webstart mode: JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set Security Manager to null. I have copied Dmitry in case he has any information about these bugs
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Hi Scott,
I created two new non-confidential bugs and closed the original ones as
duplicates. Here are the new bugs:
reflection in daemon thread:
JDK-8046825 https://bugs.openjdk.java.net/browse/JDK-8046825 (was
JDK-8040699) : All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager
security manager and applet-desc webstart mode:
JDK-8046826 https://bugs.openjdk.java.net/browse/JDK-8046826 (was
JDK-8040231) : All permission fx javaws app could not set Security
Manager to null.
I have copied Dmitry in case he has any information about these bugs.
-- Kevin
Kevin Rushforth wrote:
Dmitry can comment further, but it is possible that this issue could
be backported to 8u40 if done soon enough.
I will double-check whether the bugs can be made non-confidential (so
you can at least track progress), but I suspect they cannot in their
current form, in which case new bugs should be filed with the
confidential information moved to confidential comments in the bug. I
will help with this.
-- Kevin
Scott Palmer wrote:
Drat... I was hoping to see something much sooner, like 8u20
(obviously too late now) or 8u40. I'm unable to use Web Start
deployment because of this.
Is it necessary for these issues to be blocked from anonymous viewing?
Thanks for the update.
Scott
On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth
kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote:
These are now assigned to Dmitry Cherapanov who I have copied here
in case he isn't on the openjfx alias. They are both targeted to
JDK 9.
-- Kevin
Scott Palmer wrote:
I tried to send an email to Thomas asking about the status of
these issues
(they are not visible to me), but the email bounced (user
unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
mailto:swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for
JavaFX apps
that are launched via Web Start with Java 8.0 and use
daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following
instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my
start() method
(and it lets me do it).
However, daemon threads started by my Service are unable
to use
reflection. (It is working in the main FX application
thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access
denied
(java.lang.reflect.ReflectPermission
suppressAccessChecks)
at
java.security.AccessControlContext.checkPermission(Unknown
Source)
at java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at
sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at
java.lang.reflect.AccessibleObject.setAccessible(Unknown
Source)
Caused by: java.security.AccessControlException: access
denied
(java.lang.RuntimePermission accessDeclaredMembers)
at
java.security.AccessControlContext.checkPermission(Unknown
Re: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Thank you.
Is there a way that people that are not project authors can get notifications
of updates? I can’t click to add myself to the watch list or vote without a
login, and it seems to be near impossible to get a login.
The Account Help” link on the login page is broken and everything I’ve found
in the wiki indicates I need to be a project author to get an account.
Scott
On Jun 13, 2014, at 8:05 PM, Kevin Rushforth kevin.rushfo...@oracle.com wrote:
Hi Scott,
I created two new non-confidential bugs and closed the original ones as
duplicates. Here are the new bugs:
reflection in daemon thread:
JDK-8046825 (was JDK-8040699) : All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager
security manager and applet-desc webstart mode:
JDK-8046826 (was JDK-8040231) : All permission fx javaws app could not set
Security Manager to null.
I have copied Dmitry in case he has any information about these bugs.
-- Kevin
Kevin Rushforth wrote:
Dmitry can comment further, but it is possible that this issue could be
backported to 8u40 if done soon enough.
I will double-check whether the bugs can be made non-confidential (so you
can at least track progress), but I suspect they cannot in their current
form, in which case new bugs should be filed with the confidential
information moved to confidential comments in the bug. I will help with
this.
-- Kevin
Scott Palmer wrote:
Drat... I was hoping to see something much sooner, like 8u20 (obviously too
late now) or 8u40. I'm unable to use Web Start deployment because of this.
Is it necessary for these issues to be blocked from anonymous viewing?
Thanks for the update.
Scott
On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth
kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote:
These are now assigned to Dmitry Cherapanov who I have copied here
in case he isn't on the openjfx alias. They are both targeted to
JDK 9.
-- Kevin
Scott Palmer wrote:
I tried to send an email to Thomas asking about the status of
these issues
(they are not visible to me), but the email bounced (user
unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
mailto:swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for
JavaFX apps
that are launched via Web Start with Java 8.0 and use
daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following
instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my
start() method
(and it lets me do it).
However, daemon threads started by my Service are unable
to use
reflection. (It is working in the main FX application
thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at
java.security.AccessControlContext.checkPermission(Unknown
Source
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
I tried to send an email to Thomas asking about the status of these issues
(they are not visible to me), but the email bounced (user unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for JavaFX apps
that are launched via Web Start with Java 8.0 and use daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my start() method
(and it lets me do it).
However, daemon threads started by my Service are unable to use
reflection. (It is working in the main FX application thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
at
ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
... 33 more
I bring it up here because FXAppletSecurityManager is involved and
this smells like a possible bug in plugin2
Regards,
Scott
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
These are now assigned to Dmitry Cherapanov who I have copied here in
case he isn't on the openjfx alias. They are both targeted to JDK 9.
-- Kevin
Scott Palmer wrote:
I tried to send an email to Thomas asking about the status of these issues
(they are not visible to me), but the email bounced (user unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for JavaFX apps
that are launched via Web Start with Java 8.0 and use daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my start() method
(and it lets me do it).
However, daemon threads started by my Service are unable to use
reflection. (It is working in the main FX application thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
at
ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
... 33 more
I bring it up here because FXAppletSecurityManager is involved and
this smells like a possible bug in plugin2
Regards,
Scott
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Drat... I was hoping to see something much sooner, like 8u20 (obviously too
late now) or 8u40. I'm unable to use Web Start deployment because of this.
Is it necessary for these issues to be blocked from anonymous viewing?
Thanks for the update.
Scott
On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth
kevin.rushfo...@oracle.com wrote:
These are now assigned to Dmitry Cherapanov who I have copied here in case
he isn't on the openjfx alias. They are both targeted to JDK 9.
-- Kevin
Scott Palmer wrote:
I tried to send an email to Thomas asking about the status of these issues
(they are not visible to me), but the email bounced (user unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng thomas.v...@oracle.com
wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for JavaFX apps
that are launched via Web Start with Java 8.0 and use daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my start() method
(and it lets me do it).
However, daemon threads started by my Service are unable to use
reflection. (It is working in the main FX application thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(
PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty(
PropertyResolver.java:240)
at
ma.glasnost.orika.property.IntrospectorPropertyResolver.
collectProperties(IntrospectorPropertyResolver.java:83)
... 33 more
I bring it up here because FXAppletSecurityManager is involved and
this smells like a possible bug in plugin2
Regards,
Scott
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Dmitry can comment further, but it is possible that this issue could be
backported to 8u40 if done soon enough.
I will double-check whether the bugs can be made non-confidential (so
you can at least track progress), but I suspect they cannot in their
current form, in which case new bugs should be filed with the
confidential information moved to confidential comments in the bug. I
will help with this.
-- Kevin
Scott Palmer wrote:
Drat... I was hoping to see something much sooner, like 8u20
(obviously too late now) or 8u40. I'm unable to use Web Start
deployment because of this.
Is it necessary for these issues to be blocked from anonymous viewing?
Thanks for the update.
Scott
On Wed, Jun 11, 2014 at 11:57 AM, Kevin Rushforth
kevin.rushfo...@oracle.com mailto:kevin.rushfo...@oracle.com wrote:
These are now assigned to Dmitry Cherapanov who I have copied here
in case he isn't on the openjfx alias. They are both targeted to
JDK 9.
-- Kevin
Scott Palmer wrote:
I tried to send an email to Thomas asking about the status of
these issues
(they are not visible to me), but the email bounced (user
unknown). Could
someone let me know the status?
Thanks,
Scott
On Thu, Apr 17, 2014 at 1:25 AM, Thomas Ng
thomas.v...@oracle.com mailto:thomas.v...@oracle.com wrote:
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com
mailto:swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for
JavaFX apps
that are launched via Web Start with Java 8.0 and use
daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following
instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my
start() method
(and it lets me do it).
However, daemon threads started by my Service are unable
to use
reflection. (It is working in the main FX application
thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at
java.security.AccessControlContext.checkPermission(Unknown
Source)
at java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at
sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at
java.lang.reflect.AccessibleObject.setAccessible(Unknown
Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at
java.security.AccessControlContext.checkPermission(Unknown
Source)
at java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at
sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty
Re: Fwd: All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Thanks for the report!
Two bugs created for this:
security manager and applet-desc webstart mode:
https://bugs.openjdk.java.net/browse/JDK-8040231
reflection in daemon thread:
https://bugs.openjdk.java.net/browse/JDK-8040699
-thomas
*From: *Scott Palmer swpal...@gmail.com mailto:swpal...@gmail.com
*Subject: **All-Permissions not working properly with
sun.plugin2.applet.FXAppletSecurityManager*
*Date: *April 14, 2014 at 1:07:36 PM PDT
*To: *openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net openjfx-dev@openjdk.java.net
mailto:openjfx-dev@openjdk.java.net
Can someone confirm that all-permissions is working for JavaFX apps
that are launched via Web Start with Java 8.0 and use daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my start() method
(and it lets me do it).
However, daemon threads started by my Service are unable to use
reflection. (It is working in the main FX application thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown
Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
at
ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
... 33 more
I bring it up here because FXAppletSecurityManager is involved and
this smells like a possible bug in plugin2
Regards,
Scott
All-Permissions not working properly with sun.plugin2.applet.FXAppletSecurityManager
Can someone confirm that all-permissions is working for JavaFX apps
that are launched via Web Start with Java 8.0 and use daemon threads
in a Service?
I have a JNLP file that has:
security
all-permissions/
/security
and the manifest of my app's jar has the following instruction in my
Gradle script:
jar {
manifest {
attributes('Permissions': 'all-permissions',
'Codebase': '*')
}
}
I'm using the javafx gradle plugin and signing the jars...
e.g. I see this for every dependency and the main jar:
...
Signing (BLOB) C:\Users\scott\.m2\caches\path\to\some.jar
Signed as C:\Users\scott\dev\MyProject\build\libs\some.jar
...
I even tried System.setSecurityManager(null); in my start() method
(and it lets me do it).
However, daemon threads started by my Service are unable to use
reflection. (It is working in the main FX application thread.) I see
the following stack trace in the Java console:
Caused by: java.security.AccessControlException: access denied
(java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethod(Unknown Source)
at
ma.glasnost.orika.property.PropertyResolver.resolvePropertyType(PropertyResolver.java:304)
at
ma.glasnost.orika.property.PropertyResolver.processProperty(PropertyResolver.java:240)
at
ma.glasnost.orika.property.IntrospectorPropertyResolver.collectProperties(IntrospectorPropertyResolver.java:83)
... 33 more
I bring it up here because FXAppletSecurityManager is involved and
this smells like a possible bug in plugin2
Regards,
Scott
