This page is no longer maintained — Please continue to the home page at www.scala-lang.org

SecurityException when running App in Java Web Start sandbox

2 replies
Fri, 2011-06-24, 06:16
Sam Reid
Joined: 2011-05-09,
User offline. Last seen 42 years 45 weeks ago.

I recently rewrote one of my Scala applications to use App, and it
worked great in my development environment. However, when we deployed
it under Web Start, it crashed with a Java Web Start Error: access
denied (java.util.PropertyPermission scala.time read). Here is the
top of the stack trace:

java.security.AccessControlException: access denied
(java.util.PropertyPermission scala.time read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at scala.util.PropertiesTrait$class.propIsSet(Properties.scala:44)
at scala.App$class.main(App.scala:61)
at
edu.colorado.phet.motionseries.sims.rampforcesandmotion.RampForcesAndMotionApplication
$.main(RampForcesAndMotionApplication.scala:123)
........

The Java Web Start console prints this:

#### Java Web Start Error:
#### access denied (java.util.PropertyPermission scala.time read)

The source code for App.scala on lampsvn here:
http://lampsvn.epfl.ch/svn-repos/scala/scala/trunk/src/library/scala/App...

shows that main is implemented like this:

def main(args: Array[String]) = {
this._args = args
for (proc <- initCode) proc()
if (util.Properties.propIsSet("scala.time")) {
val total = currentTime - executionStart
Console.println("[total " + total + "ms]")
}
}

Can App.main be rewritten to check for permission to read this system
property, or alternatively try/catching the AccessControlException (or
maybe there is a better Scala way for handling this issue)? Without a
fix for this, I don't think we will be able to use App for any of our
production Scala applications since they run in the Java Web Start
sandbox. I haven't tested it, but maybe the former solution would
look something like this:

def main(args: Array[String]) = {
this._args = args
for ( proc <- initCode ) {
proc()
}

/*If we have the permission to check the "scala.time" property, do
so and print the time the application took to start up.
Permission checks are necessary because Java Web Start's
SecurityManager (and possibly others) will not grant permission
to read the "scala.time" property.*/
val scalaTimePropertyKey = "scala.time"
val permissionToRead = if ( System.getSecurityManager != null ) {
try {
System.getSecurityManager.checkPermission(new
PropertyPermission(scalaTimePropertyKey, "read"))
true
}
catch {
case _ => false
}
}
if ( permissionToRead &&
util.Properties.propIsSet(scalaTimePropertyKey) ) {
val total = currentTime - executionStart
Console.println("[total " + total + "ms]")
}
}

Please let me know if you'd prefer that I post this request on a
different mailing list or in a bug/feature tracker.

Thanks!
Sam

Top
Fri, 2011-06-24, 16:07
#1
Martin Odersky
Joined: 2009-10-07,
User offline. Last seen 42 years 45 weeks ago.
Re: SecurityException when running App in Java Web Start sandbo

It would be best to file a ticket on Jura for this.

thanks

Martin

Sent from my phone

On Jun 24, 2011, at 7:16, Sam Reid wrote:

> I recently rewrote one of my Scala applications to use App, and it
> worked great in my development environment. However, when we deployed
> it under Web Start, it crashed with a Java Web Start Error: access
> denied (java.util.PropertyPermission scala.time read). Here is the
> top of the stack trace:
>
> java.security.AccessControlException: access denied
> (java.util.PropertyPermission scala.time read)
> at java.security.AccessControlContext.checkPermission(Unknown
> Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
> at java.lang.System.getProperty(Unknown Source)
> at scala.util.PropertiesTrait$class.propIsSet(Properties.scala:44)
> at scala.App$class.main(App.scala:61)
> at
> edu.colorado.phet.motionseries.sims.rampforcesandmotion.RampForcesAndMotionApplication

> $.main(RampForcesAndMotionApplication.scala:123)
> ........
>
> The Java Web Start console prints this:
>
> #### Java Web Start Error:
> #### access denied (java.util.PropertyPermission scala.time read)
>
> The source code for App.scala on lampsvn here:
> http://lampsvn.epfl.ch/svn-repos/scala/scala/trunk/src/library/scala/App...
>
> shows that main is implemented like this:
>
> def main(args: Array[String]) = {
> this._args = args
> for (proc <- initCode) proc()
> if (util.Properties.propIsSet("scala.time")) {
> val total = currentTime - executionStart
> Console.println("[total " + total + "ms]")
> }
> }
>
> Can App.main be rewritten to check for permission to read this system
> property, or alternatively try/catching the AccessControlException (or
> maybe there is a better Scala way for handling this issue)? Without a
> fix for this, I don't think we will be able to use App for any of our
> production Scala applications since they run in the Java Web Start
> sandbox. I haven't tested it, but maybe the former solution would
> look something like this:
>
> def main(args: Array[String]) = {
> this._args = args
> for ( proc <- initCode ) {
> proc()
> }
>
> /*If we have the permission to check the "scala.time" property, do
> so and print the time the application took to start up.
> Permission checks are necessary because Java Web Start's
> SecurityManager (and possibly others) will not grant permission
> to read the "scala.time" property.*/
> val scalaTimePropertyKey = "scala.time"
> val permissionToRead = if ( System.getSecurityManager != null ) {
> try {
> System.getSecurityManager.checkPermission(new
> PropertyPermission(scalaTimePropertyKey, "read"))
> true
> }
> catch {
> case _ => false
> }
> }
> if ( permissionToRead &&
> util.Properties.propIsSet(scalaTimePropertyKey) ) {
> val total = currentTime - executionStart
> Console.println("[total " + total + "ms]")
> }
> }
>
> Please let me know if you'd prefer that I post this request on a
> different mailing list or in a bug/feature tracker.
>
> Thanks!
> Sam

Top
Fri, 2011-06-24, 16:47
#2
Sam Reid
Joined: 2011-05-09,
User offline. Last seen 42 years 45 weeks ago.
Re: SecurityException when running App in Java Web Start sandbo
I created JIRA ticket SI-4734 for this issue:https://issues.scala-lang.org/browse/SI-4734
Thanks!Sam
On Fri, Jun 24, 2011 at 9:02 AM, Martin Odersky <odersky@gmail.com> wrote:
It would be best to file a ticket on Jura for this.

 thanks

  Martin

Sent from my phone


On Jun 24, 2011, at 7:16, Sam Reid <samrreid@gmail.com> wrote:

I recently rewrote one of my Scala applications to use App, and it
worked great in my development environment. However, when we deployed
it under Web Start, it crashed with a Java Web Start Error: access
denied (java.util.PropertyPermission scala.time read).  Here is the
top of the stack trace:

java.security.AccessControlException: access denied
(java.util.PropertyPermission scala.time read)
  at java.security.AccessControlContext.checkPermission(Unknown Source)
  at java.security.AccessController.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
  at java.lang.System.getProperty(Unknown Source)
  at scala.util.PropertiesTrait$class.propIsSet(Properties.scala:44)
  at scala.App$class.main(App.scala:61)
  at
edu.colorado.phet.motionseries.sims.rampforcesandmotion.RampForcesAndMotionApplication


$.main(RampForcesAndMotionApplication.scala:123)
      ........

The Java Web Start console prints this:

#### Java Web Start Error:
#### access denied (java.util.PropertyPermission scala.time read)

The source code for App.scala on lampsvn here:
http://lampsvn.epfl.ch/svn-repos/scala/scala/trunk/src/library/scala/App.scala

shows that main is implemented like this:

 def main(args: Array[String]) = {
  this._args = args
  for (proc <- initCode) proc()
  if (util.Properties.propIsSet("scala.time")) {
    val total = currentTime - executionStart
    Console.println("[total " + total + "ms]")
  }
 }

Can App.main be rewritten to check for permission to read this system
property, or alternatively try/catching the AccessControlException (or
maybe there is a better Scala way for handling this issue)?  Without a
fix for this, I don't think we will be able to use App for any of our
production Scala applications since they run in the Java Web Start
sandbox.  I haven't tested it, but maybe the former solution would
look something like this:

 def main(args: Array[String]) = {
  this._args = args
  for ( proc <- initCode ) {
    proc()
  }

  /*If we have the permission to check the "scala.time" property, do
so and print the time the application took to start up.
  Permission checks are necessary because Java Web Start's
SecurityManager (and possibly others) will not grant permission
  to read the "scala.time" property.*/
  val scalaTimePropertyKey = "scala.time"
  val permissionToRead = if ( System.getSecurityManager != null ) {
    try {
      System.getSecurityManager.checkPermission(new
PropertyPermission(scalaTimePropertyKey, "read"))
      true
    }
    catch {
      case _ => false
    }
  }
  if ( permissionToRead &&
util.Properties.propIsSet(scalaTimePropertyKey) ) {
    val total = currentTime - executionStart
    Console.println("[total " + total + "ms]")
  }
 }

Please let me know if you'd prefer that I post this request on a
different mailing list or in a bug/feature tracker.

Thanks!
Sam

Top

Copyright © 2012 École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland