Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Desktop >> Deploying

Java 6 JavaCompiler PropertyPermission problem

Hi

I am using the new javax.tools functionalities to compile on the fly java code. This works fine when run as standalone application, but I get an exception when I try to run through web start. The error I get is the following:

error: Could not createclass loaderfor annotation processors: access denied (java.util.PropertyPermission java.endorsed.dirs read)

In the jnlp I have specified the <security><all-permissions/></security> part (and in fact other parts which do require privileges do work fine!). I also do a small test in the code:

java.util.PropertyPermission perm =new java.util.PropertyPermission("java.endorsed.dirs","read");

System.getSecurityManager().checkPermission(perm);

and this does not generate an exception.

I have also tried to run the code in a doPrivileged section... no result.

The full source code looks like this:

java.util.PropertyPermission perm =new java.util.PropertyPermission("java.endorsed.dirs","read");

System.getSecurityManager().checkPermission(perm);

final Map<String, JavaFileObject> output =

new HashMap<String, JavaFileObject>();

final JavaCompiler compiler =

ToolProvider.getSystemJavaCompiler();

final DiagnosticCollector<JavaFileObject> diagnostics =

new DiagnosticCollector<JavaFileObject>();

final JavaFileManager jfm =new

ForwardingJavaFileManager<StandardJavaFileManager> (

compiler.getStandardFileManager(diagnostics, Locale.getDefault(), Charset.defaultCharset())){

@Override

public JavaFileObject getJavaFileForOutput(Location location,

String name,

Kind kind,

FileObject sibling)throws IOException{

JavaFileObject jfo =new RAMJavaFileObject(name, kind);

output.put(name, jfo);

return jfo;

}

};

final List<JavaFileObject> files =new ArrayList<JavaFileObject>();

for ( FileSpec fs : fileSpecs )

files.add(generateJavaSource(fs.getFileName(), fs.getSource()));

CompilationTask task = compiler.getTask(

null, jfm, diagnostics, null, null,

files);

if (! task.call()){

for(Diagnostic dm : diagnostics.getDiagnostics())

System.err.println(dm);

thrownew RuntimeException("Could not compile");

}

(some parts are omitted)

Can anybody help?

Thanks,

Vito Impagliazzo

[3464 byte] By [vimpagliazzoa] at [2007-11-27 1:35:57]
«« cannot resolve symbol toDate()
»» dynamic file name
# 1

If I put

grant {

permission java.security.AllPermission;

};

in the client javaws.policy file (which obviously is not a viable solution), the permission error disappear. However compilation fails because the code to compile refers to classes which are no more in the class path under webstart (since web start uses a custom class loader). But probably this is the wrong forum anyway...

Still the security problem is not fixed...

vimpagliazzoa at 2007-7-12 0:44:53 > top of Java-index,Desktop,Deploying...
# 2

I'm not knowledgable about the interal workings of ToolProvider, but most cases where security exceptions come to applications that have been granted all-permissions show the exceptions are coming from code loaded by other class loaders (not from code in jars listed in the jnlp file, and loaded by the JNLPClassLoader).

The <all-permissions> tag in the jnlp file only grants all-permissions to code listed in that jnlp file. If code is loaded by other class loaders, it is up to that class loader to determin permissions for that code when run with a SecurityManager installed.

That being said frequently the only way around this for a JNLP application is to uninstall the security manager before invoking such code:

System.setSecurityManager(null);

/Andy

dietz333a at 2007-7-12 0:44:53 > top of Java-index,Desktop,Deploying...
Desktop
Deploying

Desktop New Topic

Desktop Hot Topic

Desktop

All Classified