Bug ID: 6648816 REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC

6648816 : REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC

Details

Type:	Bug	Submit Date:	2008-01-09
Status:	Closed	Updated Date:	2011-03-07
Project Name:	JDK	Resolved Date:	2011-03-07
Component:	security-libs	OS:	solaris_2.5.1
Sub-Component:	java.security	CPU:	sparc
Priority:	P3
Resolution:	Fixed
Affected Versions:	6u4
Fixed Versions:	7

Related Reports

Backport:	JDK-2159951 - REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
Backport:	JDK-2182178 - REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
Backport:	JDK-2158027 - REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC

Sub Tasks

Description

1) Write a simple negative (junit) test that uses AccessController.checkPermission

public void testACCNeg() {

try {
            AccessController.checkPermission(new TestPermission("nonExistPermission"));
            fail("Authorzation check should have failed");
        } catch (SecurityException se) {
            // ignore
        }
}

2) Run this test with -Djava.security.debug=failure, and you will see output similar to the following:

     [java] TestCase: testACCNeg
     [java] ERROR Message: java.lang.NullPointerException
     [java]     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:311)
     [java]     at java.security.AccessController.checkPermission(AccessController.java:546)

3) Here is the offending code in AccessController.java:

		    if (!dumpDebug) {
			debug.println("access denied " + perm);
		    }

The conditional is incorrect and the field debug is null -- hence the NPE. The "!" should be removed.

Release Regression From : 6u3
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

Release Regression From : 6
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

Release Regression From : 6
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

Comments

WORK AROUND If user wanna 'falure' debug message, they have to enable security manager. As a workaround, "-Djava.security.manager -Djava.security.debug=access,failure" is the expected definitions.
2008-02-15
WORK AROUND Actually the customer states, they used "access,failure" when they ran into the NPE.
2008-01-14
EVALUATION AccessControlContext.checkPermission(Permission) does not check the 'debug' instance.
2008-01-10
WORK AROUND Just like the "stack", "domain" debug options, the "failure" only works as a sub option of "access". If one wanna enable "failure" option, please use -Djava.security.debug=access,failure.
2008-01-10
WORK AROUND The only workaround is to NOT set -Djava.security.debug=failure, which is really not a workaround and is considered a very severe restriction considering the limited debug logging facility available in JVM.
2008-01-09

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together