[Help-jel] java.security.AccessControlException

Recently added access to System.getProperties and when we run as a java webstart (with full security permissions) I am seeing

java.security.AccessControlException: access denied (java.util.PropertyPermission timestamp read)      
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)   
at java.security.AccessController.checkPermission(AccessController.java:401)   
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) 
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1276)    
at java.lang.System.getProperty(System.java:573)       
at com.gs.mac.eval.JWSTestStatics.getTimestamp(JWSTestStatics.java:5)  
at dump.evaluate(Unknown Source)       
at com.gs.mac.eval.JWSTest.main(JWSTest.java:31)       
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)       
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)       
at java.lang.reflect.Method.invoke(Method.java:324)    
at com.sun.javaws.Launcher.executeApplication(Unknown Source)  
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)    
at com.sun.javaws.Launcher.continueLaunch(Unknown Source)      
at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)       
at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)     at com.sun.javaws.Launcher.run(Unknown Source) 
at java.lang.Thread.run(Thread.java:534)

Jel 9.11 works fine running as a native program
All jars are signed and java WS is admitting that I have all-permissions

Java Web Start 1.2 Console, started Fri Oct 05 13:12:20 EDT 2007
Java 2 Runtime Environment: Version 1.4.2_13 by Sun Microsystems Inc.
Permission requested for: file:/C:/temp/javaws/cache/http/Dnhdtdsa01.ny.fw.gs.com/P8080/RMJWSTest.jar
Found certificate chain of length 2 in codesource
Found certificate chain of length 2 in cache
adding all-permissions object
Permission requested for: file:/C:/temp/javaws/cache/http/Dnhdtdsa01.ny.fw.gs.com/P8080/RMjel.jar
Found certificate chain of length 2 in codesource
Found certificate chain of length 2 in cache
adding all-permissions object

Work great w/o the system.getProperty()

Is this related to the custom class loader? Do I need to add System as a static lib?

package com.gs.mac.eval;
import gnu.jel.CompiledExpression;
import gnu.jel.Evaluator;
import gnu.jel.Library;

import java.awt.Dimension;
import java.awt.Toolkit;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;

import javax.swing.JFrame;
import javax.swing.JScrollPane;
import javax.swing.JTextArea;

public class JWSTest {
        private static String version = "1.2";
        public static void main(String[] args) throws Throwable {
                String expr = "getTimestamp()";
                // Set up the library
                Class[] staticLib = new Class[1];
                staticLib[0] = JWSTestStatics.class;
                Library lib = new Library(staticLib, null, null, null);
                lib.markStateDependent("getTimestamp", null);
                CompiledExpression c = Evaluator.compile(expr, lib);
                String s = (String) c.evaluate(null);
                System.out
                                .println("This is version " + JWSTest.version + " (the timestamp value is "
                                                + System.getProperty("timestamp") + ")" + System.getProperty("line.separator")

                                                + System.getProperties());
                JFrame frame = new JFrame();
                Dimension d = Toolkit.getDefaultToolkit().getScreenSize();
                frame.setTitle("JWSTest version " + JWSTest.version);
                frame.setSize(d.width * 3 / 4, d.height * 3 / 4);
                frame.setLocation(d.width / 8, d.height / 8);
                frame.addWindowListener(new WindowAdapter() {
                        public void windowClosing(WindowEvent e) {
                                System.exit(0);
                        }
                });
                JTextArea textArea = new JTextArea(20, 60);
                textArea
                                .setText("This is version " + JWSTest.version + " (the timestamp value is "
                                                + System.getProperty("timestamp") + ")" + System.getProperty("line.separator")

                                                + System.getProperties());
                JScrollPane scrollPane = new JScrollPane(textArea);
                frame.getContentPane().add(scrollPane);
                frame.setVisible(true);
        }
}

package com.gs.mac.eval;

public class JWSTestStatics {
        public static String getTimestamp() {
                return System.getProperty("timestamp");
        }

}

_______________________________________________
Help-jel mailing list
Help-jel@...
http://lists.gnu.org/mailman/listinfo/help-jel

In the middle of port, so I will not get to it till next week.
Thank you for your prompt attention to this
 

-----Original Message-----
From: Konstantin L. Metlov [mailto:metlov@...]
Sent: Friday, October 12, 2007 2:22 PM
To: Chappelear, Jack
Cc: help-jel@...
Subject: Re: [Help-jel] java.security.AccessControlException

Dear Jack,

I was able to reproduce the problem (thanks to your nice testcase) and
have fixed it. Now JEL expressions inherit the security context of JEL
itself. Please download the new version 2.0.1 and try it.

Either from homepage

http://kinetic.ac.donetsk.ua/JEL/ 

or directly from

ftp://ftp.gnu.org/pub/gnu/jel/jel-2.0.1.tar.gz
ftp://ftp.gnu.org/pub/gnu/jel/jel-2_0_1.zip

It works for me (although I did not try signing the jars, but set their
permissions by code source through .java.policy file) under the default
Java Security Manager.

Please also note that JEL is now distributed under GPLv3 license.

With the best regards,
                          Konstantin.


_______________________________________________
Help-jel mailing list
Help-jel@...
http://lists.gnu.org/mailman/listinfo/help-jel