Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 1.2
    • Labels:
      None
    • Environment:

      Maven 3.1.1, OpenJDK 1.7 (IcedTea 2.4.4), Linux

      Description

      SecurityAllowedTestCase fails randomly, which could indicate either a bug in the test case or in the implementation.

      On some random condition the call to log.info("testing"); in the test case results in security exceptions, which are recorded by MockSecurityManager causing the test case to fail. Adding a call to Thread.sleep just before or just after the call to log.info helps with reproducing the problem.

      The path leading to SecurityException being thrown is:

      java.lang.SecurityException: Untrusted code [testcase] found
      	at org.apache.commons.logging.security.MockSecurityManager.checkPermission(MockSecurityManager.java:126)
      	at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
      	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:305)
      	at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
      	at java.util.ResourceBundle$RBClassLoader.loadClass(ResourceBundle.java:450)
      	at java.util.ResourceBundle$Control.newBundle(ResourceBundle.java:2566)
      	at java.util.ResourceBundle.loadBundle(ResourceBundle.java:1436)
      	at java.util.ResourceBundle.findBundle(ResourceBundle.java:1400)
      	at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1296)
      	at java.util.ResourceBundle.getBundle(ResourceBundle.java:721)
      	at java.util.logging.Level.getLocalizedLevelName(Level.java:259)
      	at java.util.logging.SimpleFormatter.format(SimpleFormatter.java:161)
      	at java.util.logging.StreamHandler.publish(StreamHandler.java:196)
      	at java.util.logging.ConsoleHandler.publish(ConsoleHandler.java:105)
      	at java.util.logging.Logger.log(Logger.java:610)
      	at java.util.logging.Logger.doLog(Logger.java:631)
      	at java.util.logging.Logger.logp(Logger.java:747)
      	at org.apache.commons.logging.impl.Jdk14Logger.log(Jdk14Logger.java:87)
      	at org.apache.commons.logging.impl.Jdk14Logger.info(Jdk14Logger.java:176)
      	at org.apache.commons.logging.security.SecurityAllowedTestCase.testAllAllowed(SecurityAllowedTestCase.java:115)
      

        Activity

        Hide
        Thomas Neidhart added a comment -

        Fixed in r1606000.

        The reason for the test error was because OpenJDK loads some ResourceBundles without calling AccessController#doPrivileged().

        Our test setup assumed that this was an unprivileged access and thus reported the error, but this is wrong imho.

        Show
        Thomas Neidhart added a comment - Fixed in r1606000. The reason for the test error was because OpenJDK loads some ResourceBundles without calling AccessController#doPrivileged(). Our test setup assumed that this was an unprivileged access and thus reported the error, but this is wrong imho.

          People

          • Assignee:
            Unassigned
            Reporter:
            Mikolaj Izdebski
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development