[jcifs] java.security.AccessControlException

Parag Chikmath chikmath at us.ibm.com
Wed Aug 18 19:05:40 GMT 2004 

Hello,
We're trying to use the jcifs pkg in our product so that our linux systems can 
communicate with samba and
windows unc shares. The JVM security manager for our product does not allow the 
System.getProperties()
call and also does not allow setting any system properties.

Hence, the calls to System.getProperties() and System.setProperty in 
jcifs/Config.java fail.
The foll is the excep stack :

Uncaught exception in thread Thread[TWGServer,5,ServiceThreadGroup]
java.lang.ExceptionInInitializerError
	at java.lang.Class.forName1(Native Method)
	at java.lang.Class.forName(Class.java:180)
	at jcifs.smb.SmbFile.<clinit>(SmbFile.java:361)
	at java.lang.Class.forName1(Native Method)
	at java.lang.Class.forName(Class.java:180)
	at com.tivoli.twg.softwaredist.SMBClassChecker.checkClass
(SMBClassChecker.java:130)
	at 
com.tivoli.twg.softwaredist.TWGSwDistServerExtension.InitClassInstances
(TWGSwDistServerExtension.java:223)
	at com.tivoli.twg.engine.TWGExtension.InitClassInstances
(TWGExtension.java:802)
	at com.tivoli.twg.engine.TWGExtension.DoInitClassInstances
(TWGExtension.java:607)
	at com.tivoli.twg.engine.TWGServer.run(TWGServer.java:468)
Caused by: java.security.AccessControlException: access denied 
(java.util.PropertyPermission * read,write)
	at java.security.AccessControlContext.checkPermission
(AccessControlContext.java(Compiled Code))
	at java.security.AccessController.checkPermission(AccessController.java
(Compiled Code))
	at java.lang.SecurityManager.checkPermission(SecurityManager.java
(Compiled Code))
	at java.lang.SecurityManager.checkPropertiesAccess
(SecurityManager.java:1257)
	at java.lang.System.getProperties(System.java:564)
	at jcifs.Config.load(Config.java:142)
	at jcifs.Config.<clinit>(Config.java:67)
	... 10 more
Terminating JVM due to exception

Is it possible to change the jcifs code to keep the security manager happy, as 
follows :
1. Reading each individual System property rather than the system Properties 
object itself.
2. In the registerSmbURLHandler() method in Config.java, the 
java.protocol.handler.pkgs system property is being set
irrespective of whether this property already contains the "jcifs" string. 
Instead, a parsing of this property could
be done to look for the string "jcifs" and then set this property only if its 
null or if it does not already
contain the "jcifs" string. That way, one could set this property to "jcifs" 
externally and the call to
System.getProperty to register the smb url handler could be avoided.

Or, we could make the above changes to jcifs and send it your way. Since this 
is holding up further development of our
product, we'd like to know what are the chances of these changes being approved 
by the group so we can make further
decisions.

Thank You.
Sincerely
Parag Chikmath

More information about the jcifs mailing list