Adding security permission in java.policy
Hi All,
I need to set security permissions for applet.
How we can add security permission in java.policy at runtime in java?
Thanks in advance.
Rakesh Kashnia
search this site and the web for a tutorial on using java's security
Similar Messages
-
How add grant permission in java.policy
hi master
sir serch in my system
C:\Program Files\j2sdk_nb\j2sdk1.4.2\jre\lib\security
C:\Program Files\j2sdk_nb\_jvm\lib\security
C:\Program Files\Java\j2re1.4.1_03\lib\security
C:\Program Files\Java\jre1.5.0_10\lib\security
sir i have many java.policy file which one is default java.policy file
how i add the code
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
and this code
grant codeBase "C:\Program Files\j2sdk_nb\j2sdk1.4.2\jre\lib\security
permission java.security.AllPermission;
give me idea how i add my code in java.policy file of using the oracle database in applete
thank
aamirin the control panel see what runtime is used by ur applet, mostly the lastest one u installed.
C:\Program Files\Java\jre1.5.0_10\lib\security
in this folder grant permission for the codebase where ur database is located. -
Adding Permissions to Jars, java.policy
Dear Forum,
I'm writing an RMI application which requires a policy file in order to grant certain permission. Is there any way I can set up a jar so that I won't have to include the policy file on the command line (and as a separate file with the jar)? I'd like everything to be in one neat click and go jar: I'm hoping my program (written with 1.3) will work on Macs as easily as Wins without the need for batch files, special parameters, or external files.
I would appreciate it if you could also reply to [email protected]
A million thanks!
BenIs there a simpler way? The signing process is difficult and annoying, to say the least. Then, as I understand it, the end user is also burdened with the policy tool and installing the certificate. The Java Tutorial's description is hard to understand, and even if I make it through, I don't want to buy a certificate from someone I don't trust anyway (like Verisign). Are there any graphical programs that could take my jar, deal with the nitty-gritty, and just return those things I would need to post on my website? I think its a shame Sun hasn't simplified this whole process (and if they have, then a shame it hasn't been posted somewhere that I would have seen it)!
-
Please Help java.policy signedBy can't access file local
i create keystore and signjar in web applet
run tomcat access file in local but not acess file denied
i goto edit file java.policy
grant {
permission java.security.AllPermission;
can access file
but put SignedBy cannot access file
grant SignedBy fuangchai{
permission java.security.AllPermission;
Please help me example file keystore,applet.jar,java.policy
to signedby access file local in webapplet
env JDE 1.5 ,javascript yui 2.8 ,prototype js,tomcat6
File html
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
codebase="http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab#Version=5,0,0,5"
width="1" height="1" >
<param name=code value="com.arg.aes.test.FileDirectoryBS.class" >
<param name=archive value="app.jar">
<param name=codebase value="." >
<param name="type" value="application/x-java-applet;version=1.5">
<param name="scriptable" value="true">
<param name="mayscript" value="true">
<param name="debug" value="false">
<comment>
<embed name="myApplet" id="myApplet"
type="application/x-java-applet;version=1.5"
code="com.arg.aes.test.FileDirectoryBS.class"
archive="app.jar"
java_codebase="."
width="1"
height="1"
scriptable="true"
mayscript="true"
pluginspage="http://java.sun.com/products/plugin/index.html#download">
<noembed>
</noembed>
</embed>
</comment>
</object>
<applet
code="com.arg.aes.test.FileDirectoryBS"
width="1"
height="1"
archive="app.jar"
name="myApplet"
codebase="."
MAYSCRIPT="true"
>
</applet>
javascript
initlistfile : function() {
try
var list = $("myApplet").initlistfileInDir();
var jsondata = list.evalJSON();
/*alert(jsondata.dirname);
alert(jsondata.dirpath);
alert(jsondata.listfile.length);*/
initTableLeft(jsondata.listfile);
catch(e)
alert("Exception : access denied.");
return;
import java.applet.Applet;
import java.io.File;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.text.DecimalFormat;
import java.text.NumberFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
* @author fuangchai
public class FileDirectoryBS extends Applet{
public static File[] ROOTS = File.listRoots();
public static String HOME = System.getProperty("user.home");
public String listDir()
return JsonObj.makeTopDir((ROOTS.length > 0)?ROOTS : new Object[]{HOME});
public String initlistfileInDir()
return listfileInDir(null);
public String listfileInDir(String dirName)
if(null == dirName || dirName.equals(""))
System.out.println("root = " + ROOTS.length);
try {
dirName = (ROOTS.length > 0)?ROOTS[0].getPath():HOME;
catch (Exception e) {
e.printStackTrace();
return "";
System.out.println("#########################");
DirectoryDescImp obj = makeObjDir(dirName);
return (null == obj)?null:JsonObj.makeDir(obj);
public String listlinkInDir(String dirName)
if(null == dirName || dirName.equals(""))
System.out.println("root = " + ROOTS.length);
try {
dirName = (ROOTS.length > 0)?ROOTS[0].getPath():HOME;
catch (Exception e) {
e.printStackTrace();
return "";
System.out.println("#listlinkInDir#");
try {
File obj = new File(dirName);
return (null == obj)?null:JsonObj.makelinkDir(obj.getName(),obj.getPath());
} catch (Exception e) {
System.out.println("I can't access a file here! Access Denied!");
e.printStackTrace();
return null;
public boolean isEnc(File f)
//TODO
return false;
public DirectoryDescImp makeObjDir(String dirName)
System.out.println("dirName = " + dirName);
try{
File dir = new File(dirName);
String[] entries = dir.list();
if(null == dir || null == entries || entries.length <= 0)
System.out.println("Data is null or not obj." );
return null;
System.out.println("Dir List = " + dir.list().length);
System.out.println("Dir Name = " + dir.getName());
System.out.println("Dir Path = " + dir.getPath());
DirectoryDescImp dirDesc = new DirectoryDescImp();
dirDesc.setDirName(dir.getName());
dirDesc.setDirPath(dir.getPath());
List<FileDescImp> list = new ArrayList<FileDescImp>();
for(int i=0; i < entries.length; i++) {
File f = new File(dir, entries);
FileDescImp fDesc = new FileDescImp();
fDesc.setFile(f);
fDesc.setFileEncrept(isEnc(f));
list.add(fDesc);
dirDesc.setListfile(list);
return dirDesc;
catch(Exception e){
System.out.println("I can't access a file here! Access Denied!");
e.printStackTrace();
return null;
Thank you
Fuangchai Jum
Mail [email protected]
Edited by: prositron on Jan 13, 2010 7:35 AMOK,
Let's say I have to intialize Environment, and call method initEnvironment() in Applet's init(). Environment class:
class Environment
private KeyStore keyStore;
private Enumeration<String> aliases;
public void initEnvironment() {
Security.addProvider(new sun.security.mscapi.SunMSCAPI());
keyStore = KeyStore.getInstance("Windows-MY");
keyStore.load(null);
aliases = keyStore.aliases();
}Applet is signed, I trust signer.
Since Applet is signed I'm able to overwrite existing .java.policy under user.home.
This doesn't work if I don't have .java.policy:
grant {
permission java.security.SecurityPermission "insertProvider.SunMSCAPI";
permission java.security.SecurityPermission "authProvider.SunMSCAPI";
permission java.util.PropertyPermission "jsr105Provider", "read";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.pipe.Fiber.serialize", "read";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.streaming.XMLStreamWriterFactory.noPool", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.ws.fault";
permission java.util.PropertyPermission "com.sun.xml.internal.ws.api.streaming.XMLStreamWriterFactory.woodstox", "read";
};P.S.
Does it make sense to be able to make changes to file system and not be able to make actions from above policy?!?! -
How to revoke and grant permission in java using Security Manager ??
I like to revoke and grant permission through java code..can anybody give me a sample code.
Discussion is here:
http://forum.java.sun.com/thread.jspa?threadID=731363 -
Security-permission in Resource Adapter?
I added this permission definition to the META-INF/ra.xml file:
<security-permission>
<description>Test SecurityPermission</description>
<security-permission-spec>
grant {
permission java.security.SecurityPermission "getPolicy";
</security-permission-spec>
</security-permission>
But when I run
java.security.Policy policy = java.security.Policy.getPolicy();
from the adapter code, I still get a java.security.AccessControlException:
java.security.AccessControlException: access denied (java.security.SecurityPermission getPolicy)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:267)
at
java.security.AccessController.checkPermission(AccessController.java:394)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
at java.security.Policy.getPolicy(Policy.java:121)
What do I do wrong (or have I found a bug ;) ???
BTW: I try to set permissions to read an XML-file from the adapter's jars or rar.
Hans BauseweinTo answer my own question ;-)
The adapter code should wrap the privileged code in a PrivilegedAction.
I've found it in section 10.7 of J2EE Connector Architecture and Enterprise Application Integration by Rahul Sharma:
http://developer.java.sun.com/developer/Books/j2ee/connectorch10.pdf
Hans -
Hi,
I am writing an web based application using applets nadn eed to contact a MYSql database.
I am getting Access Denied exception.
In my java.policy file I added the following two lines :
grant codeBase "http://mywebpage/"{
permission java.security.AllPermission;
I am still getting the following exception : Any help will be greatly appreciated since I have a demo tomorrow. (Is there anyway to confugure the java.policy or java.security file to allow the jar that contains my applet(dvt.jar) to access the underlying database.)
Is there some place I need to specify explicitly where to find this java.policy file.
Platform is UNIX.
Thx
Karthik
Thx
Karthik
Unable to connect to any hosts due to exception: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)** BEGIN NESTED EXCEPTION ** java.security.AccessControlExceptionMESSAGE: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)STACKTRACE:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)at java.security.AccessControlContext.checkPermission(Unknown Source)at java.security.AccessController.checkPermission(Unknown Source)at java.lang.SecurityManager.checkPermission(Unknown Source)at java.lang.SecurityManager.checkConnect(Unknown Source)at java.net.Socket.connect(Unknown Source)at java.net.Socket.connect(Unknown Source)at java.net.Socket.<init>(Unknown Source)at java.net.Socket.<init>(Unknown Source)at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:124)at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:225)at com.mysql.jdbc.Connection.createNewIO(Connection.java:1783)at com.mysql.jdbc.Connection.<init>(Connection.java:450)at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:411)at java.sql.DriverManager.getConnection(Unknown Source)at java.sql.DriverManager.getConnection(Unknown Source)at vdt.VdtModuleApplet.getConnection(VdtModuleApplet.java:444)at vdt.VdtModuleApplet.init(VdtModuleApplet.java:105)at sun.applet.AppletPanel.run(Unknown Source)at java.lang.Thread.run(Unknown Source)** END NESTED EXCEPTION ** System = Inited, gotParameters, init propertiesGetting Connection Posts: 30 | Registered: Feb 2005 | IP: LoggedHi Folks, I am also facing the same kind of
problem...when I am trying to open notepad by
clicking on New option of my Frame's menu.. I am
getting the message Access Denied...some permission
problem is there...Please help me in directing about
setting the policies...https://www.support.storagetek.com/LibraryAdminHelp/lsa/setting_up_java_policy_permissions.htm
http://www.exciton.cs.rice.edu/JavaResources/security/policy.htm -
How can I change java.policy at runtim on client machines using java webst?
Hi,
I have to change java.policy to launch my application through webstart to provide one RuntimePermission "permission java.lang.RuntimePermission "getClassLoader";"
Its because of a bug in java bug "_http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366_"
So, my problem here is, how can I do this dynamically on each client machine's java.policy.
I have spent time on this and found some alternatives
1. Specifying an Additional Policy File at Runtime by launching application "java -Djava.security.manager -Djava.security.policy=someURL SomeApp"
Please refer more on this "http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html"
But, here the problem is, how can I do this using webstart (expert.jnlp) file even though I have the "java-vm-args" tag, its not supporting this argument.
Please refer "http://docs.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/syntax.html#security";
2. Implementing the Policy in code.
But, not sure how to do this..
How can I grant the runtime permission on every user's machine dynamycally?
Here are some background details on this:
I am using java6 and weblogic 10.3.3.
Here is thing that I tried,
My application downloads a few jars to the client machines using java webstart and then it will get the initial context using the t3 protocal. The jars include wlclient.jar and ojdbc6.jar initially.
The problem here I was facing, when I tried request a bean, it is giving me the following exception in the client logs.It is requesting one state less session bean and I checked the server logs as well and the bean has returned the expected values properly.
But here I observed one more thing, before this request, one session bean(state less) has been requested successfully.
java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:
org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
at com.sun.corba.se.impl.javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
at javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
at com.mbt.expert.server.util._ServerDBQueryObjectRemote_Stub.getExchangeList(Unknown Source)
at com.mbt.expert.util.DBQueryObject.getExchangeList(DBQueryObject.java:419)
at com.mbt.expert.view.dialogs.OpenExchangeDialog.actionPerformed(OpenExchangeDialog.java:425)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.Dialog$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Dialog.show(Unknown Source)
at com.mbt.expert.view.dialogs.OpenExchangeDialog.displayDialog(OpenExchangeDialog.java:606)
at com.mbt.expert.mdi.actions.OpenExchangeAction.execute(OpenExchangeAction.java:204)
at com.mbt.mdi.MDICommand.actionPerformed(MDICommand.java:47)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
... 80 more
The same is working in some other machine which are in different network. So, I have replaced the wlclient.jar with the wlthint3client.jar.
After replacing this jar I was getting the below exception in client logs while requesting a state less session bean.I also checked whether the request is reaching the server (bean) or not, but its not reaching the server.The problem is same at all the machines irrespective of the networks.
java.lang.AssertionError: Failed to generate class for com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:797)
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:786)
at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:213)
at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:197)
at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:598)
at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:193)
at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:62)
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:240)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jndi.internal.ServerNamingNode_1033_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
at javax.naming.InitialContext.lookup(Unknown Source)
at com.mbt.expert.mdi.ExpertVariable.getLoginSession(ExpertVariable.java:455)
at com.mbt.expert.view.dialogs.Login.okPressed(Login.java:187)
at com.mbt.expert.view.dialogs.Login.keyPressed(Login.java:141)
at java.awt.Component.processKeyEvent(Unknown Source)
at javax.swing.JComponent.processKeyEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:795)
... 55 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at weblogic.utils.classloaders.AugmentableClassLoaderManager.getAugmentableClassLoader(AugmentableClassLoaderManager.java:48)
at weblogic.rmi.internal.ClientRuntimeDescriptor.findLoader(ClientRuntimeDescriptor.java:254)
at weblogic.rmi.internal.ClientRuntimeDescriptor.getInterfaces(ClientRuntimeDescriptor.java:132)
at weblogic.rmi.internal.StubInfo.getInterfaces(StubInfo.java:77)
at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.ensureInitialized(Unknown Source)
at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.<init>(Unknown Source)
... 60 more
I have tried one more thing, I have taken all the required jars to one of the client machines and executed the main class (by setting the required class path) from cmd using java instead of javaws. Surprisingly, its working fine with out any problem using the wlthint3client.jar.
I also tried the same, by placing wlclient.jar using java in the same way(from cmd instead of javaws ), but I was facing the same exception while requesting the second session bean and found the same above exception in client logs.
To resolve this, I come across the java bug that I have given earlier "_http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366_".
In that page, I found a work around for this; suggested by bea to add the Runtime permission "permission java.lang.RuntimePermission "getClassLoader";" to the clients java.policy
So, please suggest me a way to resolve this problem.
Please suggest me if you have any other solutions for this problem.
Thanks in advance :)I still think your problem is nothing to do with that ancient non-bug and that you should be looking elsewhere. You might be lucky and find someone here who can say "Ah, I know what that is" but I doubt it because since Oracle took over Sun this site has gone down hill big time.
-
How to handle the java.policy file ?
Can somebody tell me how to handle the java.policy file?
I always get java.net.SocketExceptions and java.security.AccessControlExceptions while connecting to an appserver from an applet.
What do I have to write in the java.policy file, where do I have to place it and do I have to call it in some way form my applet?
Thanks in advance.
don callThe java.policy file goes in your jre installation directory in .../jre/lib/security (there should be one there already).
I used it to allow otherwise restricted permissions for an applet using javax.comm. Add something like the following to the file:
grant codeBase "URL:http://yourDomainName/rootDirectoryOfYourApp/*" {
permission java.security.AllPermission;
This will give the applet downloaded from your site all permissions. You might want to give only certain permissions, I don't know.
Teri -
File Access with unsigned Applet through editing the java.policy file
I'am starting to lose my hair on this...
I am trying to get an applet to run so that it can access the file system to move files on my local maschin. Because this applet is only running on my VM i can change the java.policy to avoid the signing of the applet.
first of all, if i wrote in the java.policy file
grant {
permission java.security.AllPermission;
};everything is working perfekt.
But I have not the intention to open the gates for any applet out there, so i want to limit the access to my applet. With every of the following versions I get at best an
java.security.AccessControlException: access denied (java.io.FilePermission...
My Setup
My Java Version: jre1.6.0_02
My applet is located unter the url
http://admin.mydomain.com/applet.jar
In Html i tryed the following different versions of loading the applet - none worked
<applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
<applet codebase="http://admin.mydomain.com" name="shortcut" code="start.class" archive="applet.jar" width="0" height="0"></applet>
<applet name="shortcut" code="start.class" archive="http://admin.mydomain.com/applet.jar" width="0" height="0"></applet>in java.policy i tryed following versions with every html applet load version
grant codeBase "http://admin.x-press.de/-" {
permission java.security.AllPermission;
grant codeBase "http://admin.x-press.de/+" {
permission java.security.AllPermission;
grant codeBase "http://admin.x-press.de/applet.jar" {
permission java.security.AllPermission;
};why is it with
grant {
permission java.security.AllPermission;
};working, and not with the other versions?
i am almost bold now, please try to save my last hair from falling down.
any suggestion would be nice
thanks, feyyaz
Message was edited by:
feyyazdoguI read the mentioned documentation and your right, some of my versions were wrong, but after reading the doumentation again i came to following result which should had worked but didn't.
java.policy
grant codeBase "http://admin.mydomain.com/*" {
permission java.security.AllPermission;
HTML File
<applet codebase="http://admin.mydomain.com/" name="shortcut" code="start.class" archive="applet.jar" height="0" width="0"></applet>if I am entering http://admin.mydomain.com/applet.jar i can download the jar, so the archive lays in the correct directory.
what i am doing wrong? do i have to change an additional file somewhere else? -
Hi ,
I am facing problem with the following code.
ClassLoader loaderPrev = Thread.currentThread().getContextClassLoader();
ClassLoader loader = URLClassLoader.newInstance(new URL[]{new URL(CodeBase)} , loaderPrev );
ClassLoader loader = new URLClassLoader(urlList);
Thread.currentThread().setContextClassLoader(loader) ;
result = Thread.currentThread().getContextClassLoader().loadClass(className);
This loads class successfully if I give "AllPermision" in my java.policy. But in real project I cann't do this. If I give only the http port in the java.policy file, it doesn't work . It gives socket permission denied exception.
I appreciate if somebody can give some input on this.
Thanks
Surendratry to sign applets
please check documents
or search in the forums
http://java.sun.com/security/signExample12/
http://java.sun.com/j2se/1.4/docs/guide/plugin/developer_guide/rsa_signing.html
renjith. -
Hi.
We are developing an applet that need to access to the file systems and anothers properties, like user.home. To do this and don't modify the java.policy of the jre, we create a .java.policy file into user home. The content is:
grant {
permission java.util.PropertyPermission "user.name", "read";
permission java.util.PropertyPermission "user.home", "read, write";
permission java.util.PropertyPermission "java.library.path", "read, write";
permission java.lang.RuntimePermission "accessClassInPackage.org.mozilla.jss.*";
permission java.io.FilePermission "${user.home}/", "read";
permission java.io.FilePermission "${user.home}/-", "read, write";
With this configuration it works fine in Linux with Iceweasel, but in windows it's not work (firefox nor internet explorer)!.
The error is:
[SignApplet]: M�dulo iniciado.
[SignApplet]: Cliente de firma iniciado.
[ESignatureFormatFactory]: Buscando formato 'CMS'... encontrado!
[SignManager]: Firmando digitalmente...
java.lang.NullPointerException
at java.util.Properties$LineReader.readLine(Unknown Source)
at java.util.Properties.load(Unknown Source)
at com.telventi.afirma.cliente.utilidades.MimeTypeHelper.<init>(MimeTypeHelper.java:23)
at com.telventi.afirma.cliente.utilidades.MimeTypeHelper.getInstance(MimeTypeHelper.java:32)
at com.telventi.afirma.cliente.actions.ACommonAction.<clinit>(ACommonAction.java:59)
at com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager.warn(ASignManager.java:405)
at com.telventi.afirma.cliente.signatureformat.signaturemanager.SignManagerMSIEWin32.signDigitally(SignManagerMSIEWin32.java:63)
at com.telventi.afirma.cliente.signatureformat.CMSSignatureFormat.createSignedInfo(CMSSignatureFormat.java:1562)
at com.telventi.afirma.cliente.signatureformat.CMSSignatureFormat.signExplicitHash(CMSSignatureFormat.java:265)
at com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager.signHashElectronically(ASignManager.java:139)
at com.tsol.afirma5.util.impl.AppletServiceImpl.generarFirma(AppletServiceImpl.java:60)
at com.tsol.validacionCertificado.applet.TSolApplet.obtenerFirmaGenerada(TSolApplet.java:105)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.ExceptionInInitializerError
at com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager.warn(ASignManager.java:405)
at com.telventi.afirma.cliente.signatureformat.signaturemanager.SignManagerMSIEWin32.signDigitally(SignManagerMSIEWin32.java:63)
at com.telventi.afirma.cliente.signatureformat.CMSSignatureFormat.createSignedInfo(CMSSignatureFormat.java:1562)
at com.telventi.afirma.cliente.signatureformat.CMSSignatureFormat.signExplicitHash(CMSSignatureFormat.java:265)
at com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager.signHashElectronically(ASignManager.java:139)
at com.tsol.afirma5.util.impl.AppletServiceImpl.generarFirma(AppletServiceImpl.java:60)
at com.tsol.validacionCertificado.applet.TSolApplet.obtenerFirmaGenerada(TSolApplet.java:105)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
Caused by: com.telventi.afirma.cliente.exceptions.ClienteFirmaRuntimeException: Error al mapear el archivo de tipos.
at com.telventi.afirma.cliente.utilidades.MimeTypeHelper.<init>(MimeTypeHelper.java:26)
at com.telventi.afirma.cliente.utilidades.MimeTypeHelper.getInstance(MimeTypeHelper.java:32)
at com.telventi.afirma.cliente.actions.ACommonAction.<clinit>(ACommonAction.java:59)
... 21 more
Caused by: java.lang.NullPointerException
at java.util.Properties$LineReader.readLine(Unknown Source)
at java.util.Properties.load(Unknown Source)
at com.telventi.afirma.cliente.utilidades.MimeTypeHelper.<init>(MimeTypeHelper.java:23)
... 23 more
java.lang.Exception: java.lang.ExceptionInInitializerError
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
[SignApplet]: Invocando isInitialized.
Code where it fail is:
TYPES.load((com.telventi.afirma.cliente.utilidades.MimeTypeHelper.class).getResourceAsStream("mimetypes.properties"));
TYPES is Properties object.
When we modify the .java.policy file with permission java.security.AllPermission it work fine too, and this make to us think that this is a permission problem!.
Somebody has an idea???
Sorry for my english!Having to modify the policy file defeats the whole point of using applets in the first place. If you have to install anything (such as a new policy file) on the client machine, you may as well install a GUI program.
Either get yourself a digital certificate and sign the applet, or use an independent program instead. -
Explicitly installin java.policy problem
is there any one who knows how to explicitly install the java.policy. What i have been doing is set the policy of the RMI server through a file like java.policy which contains this
grant {
permission java.security.AllPermission
"*:1024-65535","connect,accept,resolve";
and run the server through a batch file where the java.policy file is loaded through the system. is there anyone who knows to load the policy in the server code itself, that is, installing it explicitly?
thanks..Yes, this is true ...but there is a saying about hardcode ...it makes things hard to code. Hardcoding the policy file eliminates flexibility for your clients and makes things harder to deploy. It certainly breaks from the standard. I just wouldn't want the poster to think one way is just as good as the other. But you do have a choice, this is true.
-
Can distribution of a .java.policy file be eliminated
Sorry for the stupid question, but I'm fairly new to the realm of dealing with Java security...
I have an applet that I want to deploy worldwide as part of an upgrade to an existing website, but I've run into the following error:
"Error getting connection to: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.0.101)(PORT=1521)))(CONNECT_DATA=(SID=EKB)(SERVER=DEDICATED))) using oracle.jdbc.driver.OracleDriver
access denied (java.util.PropertyPermission oracle.jserver.version read)"
I have managed to figure out that I can eliminate this problem by placing a .java.policy file on all client machines that contain the following:
"grant {
permission java.util.PropertyPermission "oracle.jserver.version", "read";
However, is there any way to eliminate the need to distribute the policy file to those wanting to use the web site's applet? Can it be done somehow within the SSL certificate that I seemingly also have to distribute?
Any help for this newbee would be appreciated!In contrast to what many people say in this forum, it is possible to have an unsigned applet access a database. You don't even have to manipulate the client's policy-file. The requirement is that the database is located on the same machine as the applet is downloaded from.There are however other things that can break this possibility. One is the database-driver itself.
In the case of Oracle we have tried using different versions of the driver. When using version 8.1.7 or 9.0.1 things work nicely, but when switching to version 9.2 it stops working. There is a question on OTN [1]. Let's see what Oracle has to say about it.
[1] Problem connecting using Oracle JDBC drivers -
Does Java Plug-in Ignore java.policy Permissions?
I am running Firefox 3.6.12 on Ubuntu Karmic with Java plug-in 1.6.0_22. I'm trying to run an Aventail OnDemand applet, and I keep getting I/O file-reading permissions exceptions in the Java console. I tried granting the permission in /usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib/security/java.policy, but that was apparently ignored. Any help would be greatly appreciated.
I think the java plugin uses C:\Program Files\Java\j2re1.4.2_04\lib\security\cacerts as a store to get keys.
The password of this file is changeit and you can use keytool to import keys.
I found contradicting information about what can be imported but if you have a p12 file (Mozilla convention for PKCS12) you can import it with java control panel:
C:\Program Files\Java\j2re1.4.2_04\bin\jpicpl32.exe
After imported a cert with control panel it was put in a file located here
C:\Documents and Settings\sbaker\Application Data\Sun\Java\Deployment\security\
Importing with the control panel makes a user specific import and importing with keytool in C:\Program Files\Java\j2re1.4.2_04\lib\security\cacerts (password is changeit) makes it machine specific.
Maybe you are looking for
-
I feel like this question is asked endlessly on these boards, but somehow I still can't find a relevant answer... So, apologies for rehashing a variant of the same question! I have one (ancient) MacBook Pro, and one (ancient) iPhone. I carry both ba
-
Recording and playback from microphone on MAC OS X?
Hi there, I have tried out recording using JavaSound....on Windows it works fine, but not on MAC OS X ... it give an "audio data not supported error". So then i try using quicktime java... refering to the demo file SoundRecord.java....i need to modif
-
Does Z10 support microSD - XC 64GB card (XC not HC or is it the same)
thanks in advance
-
SD-BIL-IV-PC - Mixed payments (ERP2005)
Hello all, We are having trouble processing mixed payments in cash sales Example: order value 100, cash 50, visa 50 (manual authorisations). I get V/ 032: "Insufficient authorization for sales document" when trying to invoice. Please note, this is a
-
Does Portable Flight Planning System (PFPS) work on Mac OS X??
Does anyone know if PFPS works on a Mac and if not if there is a way to get a Windows program to run on your Mac?