8154113: java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")

Granted security permission "authProvider.SunMSCAPI" to SunMSCAPI provider Reviewed-by: mullan
2026-03-05 13:40:18 +00:00 · 2016-08-12 00:47:06 +00:00 · 2016-08-12 00:47:06 +00:00 · 805fa70745
commit 805fa70745
parent 16b80b792d
5 changed files with 17 additions and 107 deletions
--- a/jdk/src/java.base/windows/lib/security/default.policy
+++ b/jdk/src/java.base/windows/lib/security/default.policy
@ -11,5 +11,6 @@ grant codeBase "jrt:/jdk.crypto.mscapi" {
                   "clearProviderProperties.SunMSCAPI";
    permission java.security.SecurityPermission
                   "removeProviderProperty.SunMSCAPI";
+    permission java.security.SecurityPermission "authProvider.SunMSCAPI";
    permission java.util.PropertyPermission "*", "read";
 };
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.java
+++ b/jdk/test/sun/security/mscapi/AccessKeyStore.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -22,7 +22,12 @@
 */

 /**
- * @see AccessKeyStore.sh
+ * @test
+ * @bug 6324295 6931562 8154113
+ * @modules jdk.crypto.mscapi
+ * @run main/othervm/java.security.policy==access.policy AccessKeyStore pass
+ * @run main/othervm/java.security.policy==noaccess.policy AccessKeyStore fail
+ * @summary Confirm that right permissions are granted to access keystores.
 */

 import java.security.Provider;
@ -36,13 +41,16 @@ public class AccessKeyStore {

    public static void main(String[] args) throws Exception {

-        // Check that a security manager has been installed
+        // Check for security manager and required arg(s)
        if (System.getSecurityManager() == null) {
-            throw new Exception("A security manager has not been installed");
+            throw new Exception("Missing security manager");
        }
+        if (args.length <= 0) {
+            throw new Exception("Missing expected test status");
+        }
+        boolean shouldPass = args[0].equalsIgnoreCase("pass");

        Provider p = Security.getProvider("SunMSCAPI");
-
        System.out.println("SunMSCAPI provider classname is " +
            p.getClass().getName());

@ -56,18 +64,14 @@ public class AccessKeyStore {
         *     SecurityPermission("authProvider.SunMSCAPI")
         */
        try {
-
            keyStore.load(null, null);
-
-            if (args.length > 0 && "-deny".equals(args[0])) {
+            if (!shouldPass) {
                throw new Exception(
                    "Expected KeyStore.load to throw a SecurityException");
            }
-
        } catch (SecurityException se) {
-
-            if (args.length > 0 && "-deny".equals(args[0])) {
-                System.out.println("Caught the expected exception: " + se);
+            if (!shouldPass) {
+                System.out.println("Expected exception thrown: " + se);
                return;
            } else {
                throw se;
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.sh
+++ b/jdk/test/sun/security/mscapi/AccessKeyStore.sh
@ -1,65 +0,0 @@
-#!/bin/sh
-
-#
-# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-
-# @test
-# @bug 6324295 6931562
-# @requires os.family == "windows"
-# @run shell AccessKeyStore.sh
-# @summary Confirm that permission must be granted to access keystores.
-
-OS=`uname -s`
-case "$OS" in
-    Windows* | CYGWIN* )
-
-    # 'uname -m' does not give us enough information -
-    #  should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk),
-    #  but JTREG does not pass this env variable when executing a shell script.
-    #
-    #  execute test program - rely on it to exit if platform unsupported
-
-	${TESTJAVA}/bin/javac -d . ${TESTSRC}\\AccessKeyStore.java
-
-	echo "Using access.policy..."
-	${TESTJAVA}/bin/java ${TESTVMOPTS} \
-	    -Djava.security.manager \
-	    -Djava.security.policy==${TESTSRC}\\access.policy \
-	    AccessKeyStore
-
-	echo "Using noaccess.policy..."
-	${TESTJAVA}/bin/java ${TESTVMOPTS} \
-	    -Djava.security.manager \
-	    -Djava.security.policy==${TESTSRC}\\noaccess.policy \
-	    AccessKeyStore -deny
-
-	exit
-	;;
-
-    * )
-        echo "This test is not intended for '$OS' - passing test"
-        exit 0
-        ;;
-esac
-
--- a/jdk/test/sun/security/mscapi/access.policy
+++ b/jdk/test/sun/security/mscapi/access.policy
@ -1,19 +1,4 @@
 grant {
-    // These permissions are required for the test to start
-    permission java.lang.RuntimePermission 
-			"accessClassInPackage.sun.*";
-
-    permission java.lang.RuntimePermission "loadLibrary.*";
-
-    permission java.util.PropertyPermission "os.arch", "read";
-
-    permission java.util.PropertyPermission 
-			"sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
-    permission java.io.FilePermission "<<ALL FILES>>", "read";
-
-    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
    // This permission is required for the test to run to completion
    permission java.security.SecurityPermission "authProvider.SunMSCAPI";
 };
--- a/jdk/test/sun/security/mscapi/noaccess.policy
+++ b/jdk/test/sun/security/mscapi/noaccess.policy
@ -1,19 +1,4 @@
 grant {
-    // These permissions are required for the test to start
-    permission java.lang.RuntimePermission 
-			"accessClassInPackage.sun.*";
-
-    permission java.lang.RuntimePermission "loadLibrary.*";
-
-    permission java.util.PropertyPermission "os.arch", "read";
-
-    permission java.util.PropertyPermission 
-			"sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
-    permission java.io.FilePermission "<<ALL FILES>>", "read";
-
-    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
    // This permission is required for the test to run to completion
    //permission java.security.SecurityPermission "authProvider.SunMSCAPI";
 };