Uploaded image for project: 'Lucene - Core'
  1. Lucene - Core
  2. LUCENE-7135

Constants check for JRE bitness causes SecurityException under WebStart

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5
    • Fix Version/s: 5.5.4, 6.3, 7.0
    • Component/s: core/other
    • Labels:
      None
    • Environment:

      OS X 10.11.4, Java 1.8.0_77-b03 (under WebStart)

    • Lucene Fields:
      New, Patch Available

      Description

      I have an app that I deploy via WebStart that uses Lucene 5.2.1 (we are locked to 5.2.1 because that's what LanguageTool uses).

      When running under the WebStart security manager, there are two locations where exceptions are thrown and prevent pretty much all Lucene classes from initializing. This is true even when we sign everything and specify <security><all-permissions/></security>.

      1. In RamUsageEstimator, fixed by LUCENE-6923
      2. In Constants, caused by the call System.getProperty("sun.arch.data.model") (stack trace below).
        Error: Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "sun.arch.data.model" "read") 
        Error: 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) 
        Error: 	at java.security.AccessController.checkPermission(AccessController.java:884) 
        Error: 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) 
        Error: 	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(Unknown Source) 
        Error: 	at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294) 
        Error: 	at java.lang.System.getProperty(System.java:717) 
        Error: 	at org.apache.lucene.util.Constants.<clinit>(Constants.java:71) 
        Error: 	... 34 more 
        

      The latter is still present in the latest version. My patch illustrates one solution that appears to be working for us.

      (This patch, together with a backport of the fix to LUCENE-6923, seems to fix the issue for our purposes. However if you really wanted to make my day you could put out a maintenance release of 5.2 with both fixes included.)

        Attachments

        1. LUCENE-7135.diff
          2 kB
          Aaron Madlon-Kay

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              amake Aaron Madlon-Kay
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: