Bug 30836 - security restrictions at WorkBook creation (with patch submission)
Summary: security restrictions at WorkBook creation (with patch submission)
Status: RESOLVED FIXED
Alias: None
Product: POI
Classification: Unclassified
Component: HSSF (show other bugs)
Version: 2.5-FINAL
Hardware: All All
: P3 normal with 1 vote (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
: 32386 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-08-24 22:38 UTC by evernat
Modified: 2005-04-21 07:10 UTC (History)
2 users (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description evernat 2004-08-24 22:38:24 UTC
The problem was documented here
www.mail-archive.com/poi-user@jakarta.apache.org/msg01251.html and "Andy"
requested for a patch.

My own context (by the way quite common) for the pb is :
- An applet (or a JavaWebStart client application) should by signed with a
certificate and jarsigner to read system property (the JVM "sandbox"). iText,
Swing Look And Feels and all external libraries are not signed and need not
hopefully to be signed (except poi).

- My app is a JavaWebStart app (but the pb will certainly be the same with an
applet). My app's jar is signed. The poi's jar (2.5) is not signed (and it is
referenced in a JWS extension jnlp). The pb can be reproduced in JRE 1.4.2_01
and in JRE 1.5.0 beta.

- The exception is (JVM security restriction) :
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.name read)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
	at java.lang.System.getProperty(Unknown Source)
	at org.apache.poi.hssf.model.Workbook.createWriteAccess(Workbook.java:807)
	at org.apache.poi.hssf.model.Workbook.createWorkbook(Workbook.java:232)
	at org.apache.poi.hssf.usermodel.HSSFWorkbook.<init>(HSSFWorkbook.java:126)


In the initial message above, Andrew requested for a patch, here it is :

WorkBook
protected Record createWriteAccess() {
        WriteAccessRecord retval = new WriteAccessRecord();

        try {
                retval.setUsername(System.getProperty("user.name"));
        } catch (java.security.AccessControlException e) {
                // AccessControlException can occur in a restricted context
                // (client applet/jws application or restricted security server)
                retval.setUsername("POI");
        }
        return retval;
    }

Don't hesitate to mail me if needed.
Comment 1 Glen Stampoultzis 2004-09-19 01:40:02 UTC
Patch applied to HEAD branch.  Thanks.
Comment 2 Avik Sengupta 2005-04-21 15:10:01 UTC
*** Bug 32386 has been marked as a duplicate of this bug. ***