security manager and IDEA

Hi,

I need to test and debug running an application under a security manager (the final app will be deployed via WebStart).

If I add "-Djava.security.manager" to the VM Parameters field of the run config, I get the following exception as soon as I launch the program:

ava.lang.ExceptionInInitializerError
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission idea.launcher.library read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:627)
at com.intellij.rt.execution.application.AppMain.]]>(AppMain.java:23)
Exception in thread "main"


It looks to me that I need to modify my current security policy to grant IDEA certain privileges. Is there a document describing what exactly needs to be changed?

Thanks
Dmitry

5 comments
Comment actions Permalink

Dmitry Beransky wrote:

It looks to me that I need to modify my current security policy to grant IDEA certain privileges. Is there a document describing what exactly needs to be changed?


Either that, or you can try to add "-Didea.no.launcher=true" to IDEA's VM options (either in
the .lax or the .bat/.sh files). This tells IDEA not to use it's custom launcher that offers
the functionality of taking a thread dump during an application run. If you don't depend on that,
this is probably the safest way to test your app under real conditions.

HTH,
Sascha

0
Comment actions Permalink

Thanks. Although, the suggestion worked only half way. I mean, it got rid of the exception I mentioned in the original message, but then it hit another permission check that failed:

Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.naming.factory.initial write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:698)
at edu.ucsd.som.util.SomContextFactory.register(SomContextFactory.java:28)
at edu.ucsd.som.onlinepayments.gui.Main.<clinit>(Main.java:35)

Has anyone successfully run a application under IDEA with the security manager enabled?

I'm not strong on Java security stuff and I'd hate to start meddling with the security policy without thoroughly understanding what the hell I'm doing. A plea to the JetBrains guys :) please tell me what needs to be done in order to debug under the security manager in IDEA.

Thanks

0
Comment actions Permalink

Dmitry Beransky wrote:

at java.lang.System.setProperty(System.java:698)
at edu.ucsd.som.util.SomContextFactory.register(SomContextFactory.java:28)
at edu.ucsd.som.onlinepayments.gui.Main.<clinit>(Main.java:35)


This one doesn't seem to be related to IDEA. Your SomContextFactory is
calling System.setProperty() for a property which it isn't allowed to set.

0
Comment actions Permalink

shoot... that's what I get for not getting decent sleep for several weeks. Sorry about that and thanks :)

0
Comment actions Permalink

java -Djava.security.manager -Djava.security.policy=someURL SomeApp


policy file contents
-




grant {

permission java.util.PropertyPermission "idea.launcher.library ", "read";

};

-


@see http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html


0

Please sign in to leave a comment.