Date: Wed, 14 Jul 1999 11:31:54 +1000 (EST)
From: Jan Newmarch <jan@ise.canberra.edu.au>
To: java-security@java.sun.com
Subject: Getting rid of AllPermission
To avoid security issues during development I set the policy
permission java.security.AllPermission "", "";
Now I want to go for something more sensible. The problem is that
I am building on top of layers of libraries (Jini, RMI, etc) and
don't actually know what permissions were getting granted by this
generous policy. So when I start with an empty policy I don't
know what I should be adding to get the application to work.
It shows up in
- some security exceptions get thrown. Good, I can handle these
- the application goes into a timeout holdup somewhere. Bad - I
don't know what permission request is holding up the system
- the application hangs indefinitely. Bad, for the same reason.
Worse, it never runs
Searching the doco and code of all of these libraries is
time-consuming and not always profitable. I tried subclassing my
security manager to print out info
class MyRMISecurityManager extends RMISecurityManager {
public void checkPermission(Permission perm) {
System.out.println(perm.toString());
super.checkPermission(perm);
}
}
and got into an infinite recursion. (see below)
Is there a "verbose" mode that I can turn on (maybe by some
property setting), or any other reasonable way I can find out
what permissions are being granted for my app by AllPermission?
Thanks,
Jan
--Here is _part_ of the stack trace when it overflows:
.... omitted stuff above here .... at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPropertyAccess(Compiled Code) at java.lang.System.getProperty(Compiled Code) at java.lang.Integer.getInteger(Compiled Code) at java.lang.Integer.getInteger(Compiled Code) at sun.security.action.GetIntegerAction.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method)
at java.lang.System.setSecurityManager(Compiled Code) at client.TestFileClassifier.<init>(Compiled Code) at client.TestFileClassifier.main(Compiled Code)
Jan Newmarch, Information Science and Engineering, University of Canberra, PO Box 1, Belconnen, Act 2616 Australia. Tel: (61) 2-62012422. Fax: (61) 2-62015041 AARNet: jan@ise.canberra.edu.au WWW: http://pandonia.canberra.edu.au
"Microsoft sells you Windows. Linux gives you the whole house."