117893 – AccessControlException using @annotation under SecurityManager

Bug 117893 - AccessControlException using @annotation under SecurityManager

Summary: AccessControlException using @annotation under SecurityManager

Status:	NEW

Alias:	None

Product:	AspectJ
Classification:	Tools
Component:	Compiler (show other bugs)
Version:	DEVELOPMENT
Hardware:	PC Windows XP

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	aspectj inbox
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-11-24 06:50 EST by Matthew Webster
Modified:	2007-10-23 08:40 EDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Webster

2005-11-24 06:50:05 EST

Using an aspect that extracts an annotation as context fails with an AccessControlException when run under a Java 2 security manager i.e. -Djava.secuirty.manager.

Using this aspect

public aspect SecuritySupport {

	before (Permission p) : execution(@Permission * *(..)) && @annotation(p) {
		SecurityManager sm = System.getSecurityManager();
		if (sm != null) {
			sm.checkPermission(new HelloPermission(p.value()));
		}
	}
	
}

with this program

public class HelloWorld {

	private String text = "Hello World!";
	
	@Permission("print")
	public void println() {
		SecurityManager sm = System.getSecurityManager();
		if (sm != null) {
			sm.checkPermission(new HelloPermission("print"));
		}

		System.out.println(getText());
	}
 	...

caused this exception

Exception in thread "main" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
	at java.security.AccessController.checkPermission(AccessController.java:427)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
	at java.lang.Class.checkMemberAccess(Class.java:2125)
	at java.lang.Class.getDeclaredMethods(Class.java:1762)
	at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81)
	at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64)
	at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:186)
	at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69)
	at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52)
	at java.lang.reflect.Method.declaredAnnotations(Method.java:676)
	at java.lang.reflect.Method.getAnnotation(Method.java:663)
	at hello.HelloWorld.println(HelloWorld.java)
	at hello.HelloWorld.main(HelloWorld.java:52)

unless I added this my security policy:

grant { 
	permission java.lang.RuntimePermission "accessDeclaredMembers";
};

Comment 1 Matthew Webster

2005-11-28 09:22:20 EST

The problem lies with the code generated to obtain and pass the annotation to advice. A class may call getDelaredMethod() on itself but not getAnnotion(). As yet I have found no published guidance on the subject. As suggested the exception can be avoided by granting the right RuntimePermission but users may be reluctant to do this. Alternatively an AspectJ library method call could be added to obtain the annotation and permission granted to AspectJ instead.