Readline.readline fails with AccessControlException in presence of a SecurityManager

[hakanai]

It is impossible to use jline if you have the security manager blocking access to files, because you will get this:

Stack trace:

Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/tester/.jline.rc" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.File.isDirectory(File.java:844)
    at java.io.File.toURI(File.java:732)
    at jline.internal.Urls.create(Urls.java:38)
    at jline.internal.Configuration.determineUrl(Configuration.java:90)
    at jline.internal.Configuration.initProperties(Configuration.java:46)
    at jline.internal.Configuration.getProperties(Configuration.java:111)
    at jline.internal.Configuration.getString(Configuration.java:126)
    at jline.internal.Configuration.getString(Configuration.java:138)
    at jline.internal.Configuration.getBoolean(Configuration.java:142)
    at jline.console.ConsoleReader.<init>(ConsoleReader.java:106)
    at jline.console.ConsoleReader.<init>(ConsoleReader.java:219)
    at jline.console.ConsoleReader.<init>(ConsoleReader.java:207)
    at org.jruby.ext.readline.Readline.initReadline(Readline.java:105)

This is arguably a bug in File.toURI() as it does not document this possibility, but if it's going to call isDirectory(), I guess it's a possibility.

There is no obvious workaround for this issue from my code. I don't know if there is something JRuby can do to stop jline reading this file, so I thought I'd file it here in case jline bounced me back here anyway.

Quick test code using JSR223 to start it up:

@Test
public void testReadLine() throws Exception
{
    doTest("require 'readline'\n" +
           "Readline.readline\n");
}

private void doTest(String script) throws Exception
{
    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByExtension("rb");

    ScriptContext context = new SimpleScriptContext();
    StringWriter writer = new StringWriter();
    context.setWriter(writer);

    engine.eval(script, context);
}

But obviously you'd have to run the test harness with a security manager enabled (which we do)... either that, or find a tidy way to set it and unset it in the test class.

[hakanai]

Was this the wrong place to file this?

[mkristian]

yes and no. it is a jline problem:
https://github.com/jline/jline2/blob/jline-2.11/src/main/java/jline/console/ConsoleReader.java#L106

but this line indicates a possible workaround:
https://github.com/jline/jline2/blob/jline-2.11/src/main/java/jline/console/ConsoleReader.java#L106

I think jruby-readline can just use an empty jline.rc file from the readline.jar which gets packed with this gem on such a AccessControlException

but the fix on jline side would be the better solution.

[hakanai]

I think this might have gone away some time before JRuby 9.0.5.0 because my test hangs instead, which is sort of expected considering there is no console to read from and it's trying to read from it. :)