Passing a custom java security policy file to surefire maven test fails, results in access control error for everything

I'm trying to pass a custom security policy file to surefire to run some tests. (Specifically, I'm adding classes in java.lang to test a profiler and I want permission to define classes in there.)

I'm not sure if my problem is with the security policy, or with the args I'm passing to surefire.

As per the Maven docs here, I have this plugin configuration:

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>2.18.1</version>
        <configuration>
            <argLine>-Djava.security.manager -Djava.security.policy==java.policy</argLine>
        </configuration>
    </plugin>

I've tried file:// paths to the file and other variations.

Note the `==` syntax on `-Djava.security.policy==java.policy` is correct, according to this Oracle doc:

> If you use
>
>     java -Djava.security.manager -Djava.security.policy==someURL SomeApp
>
> (note the double equals) then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored.

Here is my security policy file:

    grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
    };

    grant {
        permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
        permission java.security.AllPermission;
        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    };

If I don't specify the policy args, I get an AccessControlError trying to define a class in java.lang, as expected.

If I add the policy args, it is as if I wiped out all grant policies, the tests fail on simply accessing a file - I imagine it is failing on the first access control it attempts:

    java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/me/myproj/target/surefire/surefire_03237249516701375492tmp" "read")

Update: I tried even with a simple main class without maven/surefire and I still get this error. I think security policy might be ignored for java.* because in SecureClassLoader there is this bit of code:

    if ((name != null) && name.startsWith("java.")) {
        throw new SecurityException
            ("Prohibited package name: " +
             name.substring(0, name.lastIndexOf('.')));
    }

I also tried editing the JDK's java.policy file in JAVA_HOME/jre/lib/security and it still doesn't work.

Soni answered 8/9, 2015 at 3:22
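A diagnostic for the two symptoms described in the question, added here as an example and not part of the original post: it reports which of the permissions named in the policy file the running JVM actually grants, then attempts to define a class in `java.lang` through a custom class loader. The class name `PolicyProbe`, the loader `ProbeLoader` and the target name `java.lang.Probe` are hypothetical, and the code assumes the Java 8-era `SecurityManager` API used in the question.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.security.AllPermission;
import java.security.Permission;

// Hypothetical diagnostic class; not from the original post.
public class PolicyProbe {

    // Exposes the protected defineClass so the package-name check can be exercised.
    static class ProbeLoader extends ClassLoader {
        Class<?> tryDefine(String name) {
            // Empty byte array: the "java." name check runs before the bytes are parsed.
            return defineClass(name, new byte[0], 0, 0);
        }
    }

    // True if the installed security manager allows the permission.
    static boolean granted(Permission p) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) return true;            // no manager installed, nothing is checked
        try { sm.checkPermission(p); return true; }
        catch (SecurityException e) { return false; }
    }

    // Tries to define a class in java.lang and reports which check refused it.
    static String defineInJavaLang() {
        try {
            new ProbeLoader().tryDefine("java.lang.Probe");
            return "defined";
        } catch (SecurityException e) {         // policy denial or prohibited package name
            return "SecurityException: " + e.getMessage();
        } catch (LinkageError e) {              // reached byte parsing (not expected for java.*)
            return "LinkageError: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("security manager installed: " + (System.getSecurityManager() != null));
        Permission[] probes = {
            new AllPermission(),
            new RuntimePermission("defineClassInPackage.java.lang"),
            new ReflectPermission("suppressAccessChecks"),
            new FilePermission("java.policy", "read"),   // file name taken from the argLine above
        };
        for (Permission p : probes) {
            System.out.println(granted(p) + "  " + p);
        }
        System.out.println("define java.lang.Probe -> " + defineInJavaLang());
    }
}
```

Run it with the same flags as the `argLine`, for example `java -Djava.security.manager -Djava.security.policy==java.policy PolicyProbe`. If every permission prints `false`, the policy file was not applied; if they print `true` and the define attempt still reports `Prohibited package name: java.lang`, the refusal comes from the class loader check quoted in the update and not from the policy.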
