[Bug 57091] New: Websockets cannot be used in Windows applet plugin environments based on Oracle Java7

Tue, 14 Oct 2014 06:28:40 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=57091

            Bug ID: 57091
           Summary: Websockets cannot be used in Windows applet plugin
                    environments based on Oracle Java7
           Product: Tomcat 8
           Version: 8.0.14
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: WebSocket
          Assignee: dev@tomcat.apache.org
          Reporter: niklas+apa...@appli.se

When using the Tomcat8 Websockets implementation in a Windows JRE 1.7.0_67
applet environment an AccessControlException occurs even though a policy
allowing everything is in charge.

Exception in thread "anInnocuousThread" java.security.AccessControlException:
access denied ("java.lang.RuntimePermission" "setContextClassLoader")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown
Source)
    at java.lang.Thread.setContextClassLoader(Unknown Source)
    at
org.apache.tomcat.websocket.AsyncChannelGroupUtil$AsyncIOThreadFactory.newThread(AsyncChannelGroupUtil.java:112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.addWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.execute(Unknown Source)
    at
org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:161)
    at
org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:141)
    at sun.nio.ch.AsynchronousChannelGroupImpl.executeOnPooledThread(Unknown
Source)
    at sun.nio.ch.Invoker.invokeIndirectly(Unknown Source)
    at sun.nio.ch.Invoker.invoke(Unknown Source)
    at sun.nio.ch.Invoker.invoke(Unknown Source)
    at
sun.nio.ch.WindowsAsynchronousSocketChannelImpl$ReadTask.completed(Unknown
Source)
    at sun.nio.ch.Iocp$EventHandlerTask.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    at sun.misc.InnocuousThread.run(Unknown Source)

The problem is actually in the JVM which installs a null protection domain
which fails every access checked operation.  Apparantly Oracle won't fix this,
according to https://issues.apache.org/jira/browse/SSHD-332, but there is a
workaround which is fairly easy.  It is modelled after the fix to the SSHD one
found in the link above.

Index:
/d/sd0h/h/niklas/java/workspace-1/Tomcat8/java/org/apache/tomcat/websocket/AsyncChannelGroupUtil.java
===================================================================
---
/d/sd0h/h/niklas/java/workspace-1/Tomcat8/java/org/apache/tomcat/websocket/AsyncChannelGroupUtil.java
   (revision 1630809)
+++
/d/sd0h/h/niklas/java/workspace-1/Tomcat8/java/org/apache/tomcat/websocket/AsyncChannelGroupUtil.java
   (working copy)
@@ -18,6 +18,8 @@

 import java.io.IOException;
 import java.nio.channels.AsynchronousChannelGroup;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.SynchronousQueue;
 import java.util.concurrent.ThreadFactory;
@@ -106,12 +108,16 @@
         private AtomicInteger count = new AtomicInteger(0);

         @Override
-        public Thread newThread(Runnable r) {
-            Thread t = new Thread(r);
-            t.setName("WebSocketClient-AsyncIO-" + count.incrementAndGet());
-            t.setContextClassLoader(this.getClass().getClassLoader());
-            t.setDaemon(true);
-            return t;
+        public Thread newThread(final Runnable r) {
+            return (Thread)AccessController.doPrivileged(new
PrivilegedAction<Object>() {
+            public Object run() {
+                Thread t = new Thread(r);
+                t.setName("WebSocketClient-AsyncIO-" +
count.incrementAndGet());
+                t.setContextClassLoader(this.getClass().getClassLoader());
+                t.setDaemon(true);
+                return t;
+            }
+            });
         }
     }
 }

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to