Bug 36671 - AbstractEscherHolderRecord may throw AccessControlException in WebStart apps
Summary: AbstractEscherHolderRecord may throw AccessControlException in WebStart apps
Status: RESOLVED DUPLICATE of bug 43108
Alias: None
Product: POI
Classification: Unclassified
Component: HSSF (show other bugs)
Version: 2.5-FINAL
Hardware: Other other
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
Depends on:
Reported: 2005-09-15 15:44 UTC by Andy Cooke
Modified: 2009-02-18 10:26 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Andy Cooke 2005-09-15 15:44:45 UTC
org.apache.poi.hssf.record.AbstractEscherHolderRecord can cause exceptions in
WebStart applications without sufficient privileges:
java.security.AccessControlException: access denied
(java.util.PropertyPermission poi.deserialize.escher read)

Possible fix to catch the exception:
  private static boolean DESERIALISE;
  static {
    try {
      DESERIALISE = System.getProperty("poi.deserialize.escher") != null;
    } catch (Exception e) {
      DESERIALISE = false;
Comment 1 Andy Oliver 2005-09-15 16:46:59 UTC
This is more of an RFE than bug (because you could just grant it privileges to
read system properties).  I suggest the below code could catch
AccessControlException.  Personally I don't like the use of system properties. 
I think we should have a seperate constructor.
Comment 2 David Ostiguy 2006-05-02 15:42:48 UTC
Our dev team has recently run into this same issue.  In regards to the comment
to "just grant it privileges to read system properties", this is not really an
option for us.  Due to our customers' restrictive IT environments, we do not
have the option of modifying (or persisting) .policy files, with proper
privileges granted, on the client.  Thus, I'm curious to know if/when this bug
may be resolved.  Possibly in the next 6-12 months?
Comment 3 Yegor Kozlov 2008-12-29 09:17:39 UTC
Try the latest POI-3.5-beta4. If the problem persists, re-open this bug and
attach the problem file and sample code to reproduce the problem.

Comment 4 David Fisher 2009-02-18 10:26:54 UTC
I examined the code and the suggested solution was taken.

svn blame is: http://svn.apache.org/viewvc?view=rev&revision=566183

Author: 	nick
Date: 	Wed Aug 15 14:19:08 2007 UTC (18 months ago)
Log Message: 	

Patch from bug #43108 - when fetching system properties, use sensible defaults if we're not able to access them

*** This bug has been marked as a duplicate of bug 43108 ***