Bug 30836

Summary: security restrictions at WorkBook creation (with patch submission)
Product: POI Reporter: evernat <evernat>
Component: HSSFAssignee: POI Developers List <dev>
Severity: normal CC: michael_gertz, poi-support
Priority: P3    
Version: 2.5-FINAL   
Target Milestone: ---   
Hardware: All   
OS: All   

Description evernat 2004-08-24 22:38:24 UTC
The problem was documented here
www.mail-archive.com/poi-user@jakarta.apache.org/msg01251.html and "Andy"
requested for a patch.

My own context (by the way quite common) for the pb is :
- An applet (or a JavaWebStart client application) should by signed with a
certificate and jarsigner to read system property (the JVM "sandbox"). iText,
Swing Look And Feels and all external libraries are not signed and need not
hopefully to be signed (except poi).

- My app is a JavaWebStart app (but the pb will certainly be the same with an
applet). My app's jar is signed. The poi's jar (2.5) is not signed (and it is
referenced in a JWS extension jnlp). The pb can be reproduced in JRE 1.4.2_01
and in JRE 1.5.0 beta.

- The exception is (JVM security restriction) :
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.name read)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
	at java.lang.System.getProperty(Unknown Source)
	at org.apache.poi.hssf.model.Workbook.createWriteAccess(Workbook.java:807)
	at org.apache.poi.hssf.model.Workbook.createWorkbook(Workbook.java:232)
	at org.apache.poi.hssf.usermodel.HSSFWorkbook.<init>(HSSFWorkbook.java:126)

In the initial message above, Andrew requested for a patch, here it is :

protected Record createWriteAccess() {
        WriteAccessRecord retval = new WriteAccessRecord();

        try {
        } catch (java.security.AccessControlException e) {
                // AccessControlException can occur in a restricted context
                // (client applet/jws application or restricted security server)
        return retval;

Don't hesitate to mail me if needed.
Comment 1 Glen Stampoultzis 2004-09-19 01:40:02 UTC
Patch applied to HEAD branch.  Thanks.
Comment 2 Avik Sengupta 2005-04-21 15:10:01 UTC
*** Bug 32386 has been marked as a duplicate of this bug. ***