Getting rid of AllPermission

Jan Newmarch (jan@ise.canberra.edu.au)
Wed, 14 Jul 1999 11:31:54 +1000 (EST)

Date: Wed, 14 Jul 1999 11:31:54 +1000 (EST)
From: Jan Newmarch <jan@ise.canberra.edu.au>
To: java-security@java.sun.com
Subject: Getting rid of AllPermission

To avoid security issues during development I set the policy

permission java.security.AllPermission "", "";

Now I want to go for something more sensible. The problem is that
I am building on top of layers of libraries (Jini, RMI, etc) and
don't actually know what permissions were getting granted by this
generous policy. So when I start with an empty policy I don't
know what I should be adding to get the application to work.

It shows up in
- some security exceptions get thrown. Good, I can handle these

- the application goes into a timeout holdup somewhere. Bad - I
don't know what permission request is holding up the system

- the application hangs indefinitely. Bad, for the same reason.
Worse, it never runs

Searching the doco and code of all of these libraries is
time-consuming and not always profitable. I tried subclassing my
security manager to print out info

class MyRMISecurityManager extends RMISecurityManager {
public void checkPermission(Permission perm) {
System.out.println(perm.toString());
super.checkPermission(perm);
}
}

and got into an infinite recursion. (see below)

Is there a "verbose" mode that I can turn on (maybe by some
property setting), or any other reasonable way I can find out
what permissions are being granted for my app by AllPermission?

Thanks,

Jan

--

Here is _part_ of the stack trace when it overflows:

.... omitted stuff above here .... at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.security.Security.getProperty(Compiled Code) at sun.security.provider.PolicyFile.initPolicyFile(Compiled Code) at sun.security.provider.PolicyFile.access$0(Compiled Code) at sun.security.provider.PolicyFile$1.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.init(Compiled Code) at sun.security.provider.PolicyFile.getPermissions(Compiled Code) at sun.security.provider.PolicyPermissions.init(Compiled Code) at sun.security.provider.PolicyPermissions.implies(Compiled Code) at java.security.ProtectionDomain.implies(Compiled Code) at java.security.AccessControlContext.checkPermission(Compiled Code) at java.security.AccessController.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPermission(Compiled Code) at client.MyRMISecurityManager.checkPermission(Compiled Code) at java.lang.SecurityManager.checkPropertyAccess(Compiled Code) at java.lang.System.getProperty(Compiled Code) at java.lang.Integer.getInteger(Compiled Code) at java.lang.Integer.getInteger(Compiled Code) at sun.security.action.GetIntegerAction.run(Compiled Code) at java.security.AccessController.doPrivileged(Native Method)

at java.lang.System.setSecurityManager(Compiled Code) at client.TestFileClassifier.<init>(Compiled Code) at client.TestFileClassifier.main(Compiled Code)

Jan Newmarch, Information Science and Engineering, University of Canberra, PO Box 1, Belconnen, Act 2616 Australia. Tel: (61) 2-62012422. Fax: (61) 2-62015041 AARNet: jan@ise.canberra.edu.au WWW: http://pandonia.canberra.edu.au

"Microsoft sells you Windows. Linux gives you the whole house."