Baffled by FilePermission access denied
I am trying to read through a directory and check whether I can read the files located in that directory. When I don't use a security manager the canRead() function always returns true. So I'm trying to implement a security manager and can't figure out what I'm doing wrong.
I created the following policy file. Originally I entered a code base, but with this version I removed it to try and narrow down the problem.
grant {
permission java.io.FilePermission "<<ALL FILES>>", "read";
};The following command is used:
java -cp "C:\Documents and Settings\Carl\My Documents\Java\Baseline\DirectoryList" -Djava.security.manager
-D.security.policy=directoryList.policy directoryList I also provide two parameters. The first is the output file and the second is the directory where I want the program to start. I broke these out to help the readability of the java command.
"C:\\Documents and Settings\\Carl\\My
Documents\\Java\\Baseline\\DirectoryList\\output"
"C:\\Documents and Settings\\Carl\\My
Documents\\Java\\Baseline\\DirectoryList"I have tried countless varieties and always receive the following error:
Security Exceptionjava.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\Carl\My Documents\Java\Baseline\DirectoryList read)The portion of my code that is throwing the error is:
File start = new File ( args[j] );
File list[] = start.listFiles();I have access to the directory and files I'm trying to read since they are located with the class files. So really I should have two ways of getting authorization to read these files; however, nothing seems to work. I've looked through the forums and did the tutorials to see if I missed anything and can't find the problem. I would really appreciate any assistance you could provide.
My testing has shown that the File.canRead() method returns true even if I don't have read access to the file. I've setup two files on my Windows system and removed access by using a different login id. The windows permissions allow me to list the file, but do not allow me to read the file. I've tried this with j2sdk1.4.2_01 and jdk1.5.0_05. Does 1.6 perform the security checking?
"f" is my file object
boolean haveAccess = false;
try{
if ( f.canRead() ) {
haveAccess = true;
else {
System.out.println ( "canRead() method can't read " + f );
haveAccess = false;
catch ( SecurityException se ) {
System.out.println(f + "\t" + f.lastModified() + "\t" + f.length() + se );
haveAccess = false;
}This code always returns true.
For my program, I don't want to open the files. I just want to scan the directory and determine whether anyone can read the files or only list the directory contents. I would also like to make this test even if the file is in use. So the attempt to read the file would give me the wrong answer if someone else had it in use. I want to find out if I'm ever allowed to read the document. Not just at the very minute I scan the file.
Basically, I want to scan a directory and determine the file permissions of each file. Can I list it, read it, or write to it.
Thanks
Similar Messages
-
Access denied (java.io.FilePermission c:\hello.html read
hi all,
i'm trying to run an application in web start which runs otherwise absolutely fine.i have made a tree application .if i press a link in a node it opens another page in jeditor pane which is on the other side of the split pane.every time i try to open a page it gives me the following exception
Exception occurred during event dispatching:
java.security.AccessControlException: access denied (java.io.FilePermission c:\Program Files\Apache Tomcat 4.0\webapps\web\hello.html read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.isDirectory(Unknown Source)
at sun.net.www.protocol.file.FileURLConnection.connect(Unknown Source)
at sun.net.www.protocol.file.FileURLConnection.initializeHeaders(Unknown Source)
at sun.net.www.protocol.file.FileURLConnection.getHeaderField(Unknown Source)
at sun.net.www.URLConnection.getContentType(Unknown Source)
at javax.swing.JEditorPane.getStream(Unknown Source)
at javax.swing.JEditorPane.setPage(Unknown Source)
at browser.HelpPanel.displayURL(HelpPanel.java:156)
at browser.HelpPanel.access$000(HelpPanel.java:37)
at browser.HelpPanel$2.valueChanged(HelpPanel.java:74)
at javax.swing.JTree.fireValueChanged(Unknown Source)
at javax.swing.JTree$TreeSelectionRedirector.valueChanged(Unknown Source)
at javax.swing.tree.DefaultTreeSelectionModel.fireValueChanged(Unknown Source)
at javax.swing.tree.DefaultTreeSelectionModel.notifyPathChange(Unknown Source)
at javax.swing.tree.DefaultTreeSelectionModel.setSelectionPaths(Unknown Source)
i have given permissions for file io in jdk1.3 jre,tomcat 's catalina as well as in the java.policy file for this particular application which is in the jar folder but no use.can anybody tell me the solution.following is the content of my policy file.
grant {
permission java.net.SocketPermission "*:1024-65535",
"connect,accept,resolve";
permission java.net.SocketPermission "*:80", "connect";
permission java.security.AllPermission;
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.util.PropertyPermission "dir", "read";
permission java.io.FilePermission "c:\Program Files\Apache Tomcat 4.0\webapps\web\", "read,write,execute";
thanksHi sangeeta,
I am working on java web start and have posted a query at the following link
http://forum.java.sun.com/thread.jsp?forum=38&thread=328294
I read your question and I found it similar to my problem.
I was wondering if you could temm me exactly what file you had to modify under web start and what was the line that you had to put in.
If the question is ambiguous .... and as an after thot it does look kinda that way please lemme know.
Thanks
Shahid
hi all,
i'm trying to run an application in web start which
runs otherwise absolutely fine.i have made a tree
application .if i press a link in a node it opens
another page in jeditor pane which is on the other
side of the split pane.every time i try to open a page
it gives me the following exception
Exception occurred during event dispatching:
java.security.AccessControlException: access denied
(java.io.FilePermission c:\Program Files\Apache Tomcat
4.0\webapps\web\hello.html read)
at
java.security.AccessControlContext.checkPermission(Unk
own Source)
at
java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkRead(Unknown
Source)
at java.io.File.isDirectory(Unknown Source)
at
sun.net.www.protocol.file.FileURLConnection.connect(Un
nown Source)
at
sun.net.www.protocol.file.FileURLConnection.initialize
eaders(Unknown Source)
at
sun.net.www.protocol.file.FileURLConnection.getHeaderF
eld(Unknown Source)
at sun.net.www.URLConnection.getContentType(Unknown
Source)
at javax.swing.JEditorPane.getStream(Unknown Source)
at javax.swing.JEditorPane.setPage(Unknown Source)
at browser.HelpPanel.displayURL(HelpPanel.java:156)
at browser.HelpPanel.access$000(HelpPanel.java:37)
at
browser.HelpPanel$2.valueChanged(HelpPanel.java:74)
at javax.swing.JTree.fireValueChanged(Unknown
Source)
at
javax.swing.JTree$TreeSelectionRedirector.valueChanged
Unknown Source)
at
javax.swing.tree.DefaultTreeSelectionModel.fireValueCh
nged(Unknown Source)
at
javax.swing.tree.DefaultTreeSelectionModel.notifyPathC
ange(Unknown Source)
at
javax.swing.tree.DefaultTreeSelectionModel.setSelectio
Paths(Unknown Source)
i have given permissions for file io in jdk1.3
jre,tomcat 's catalina as well as in the java.policy
file for this particular application which is in the
jar folder but no use.can anybody tell me the
solution.following is the content of my policy file.
grant {
permission java.net.SocketPermission
ion "*:1024-65535",
"connect,accept,resolve";
permission java.net.SocketPermission "*:80",
0", "connect";
permission java.security.AllPermission;
permission java.util.PropertyPermission
ssion "os.name", "read";
permission java.util.PropertyPermission "os.version",
"read";
permission java.util.PropertyPermission "os.arch",
"read";
permission java.util.PropertyPermission
"file.separator", "read";
permission java.util.PropertyPermission
"path.separator", "read";
permission java.util.PropertyPermission
"line.separator", "read";
permission java.util.PropertyPermission
ssion "user.dir", "read";
permission java.util.PropertyPermission "dir",
dir", "read";
permission java.io.FilePermission "c:\Program
ogram Files\Apache Tomcat 4.0\webapps\web\",
"read,write,execute";
thanks -
Why signed and get "access denied (java.io.FilePermission hello.txt read)"?
I am learning the Java tools and policy to create some local browser application for personal use. So I signed a jar file with jarsigner, keytool and policytool and still trying to figure out why my browser application cannot read a simple local text file.
My question are
1. Why use java policy tool (policytool.exe)? If I signed a .jar with keytool and jarsigner, do I really need java policytool to write a policy?
2. What is the maximum validity days? 365? or more? Do I need to sign again when validity expire?
3. I don't want any of my local browser application gets to internet but only work with local files (read, write, or execute). how do I do that?
4. how to use java security policy to grant access to the jar applet? where do I place and import the policy file so the hosting web browser and the applet can work?
My java applet is a simple class that read a text line from a local file in the same folder, and pass the result to a calling web browser Javascript.
Currently the result in the web page is the error message below, even though the jar is signed correctly.
access denied (java.io.FilePermission hello.txt read)
Someone please help and enlight the newbie!leoku wrote:
I am learning the Java tools and policy to create some local browser application for personal use.Why would you wrap a mostly useless and unhelpful browser window around a Java app. for 'local' use?
.. So I signed a jar file with jarsigner, keytool and policytool and still trying to figure out why my browser application cannot read a simple local text file.
My question are
1. Why use java policy tool (policytool.exe)? If I signed a .jar with keytool and jarsigner, do I really need java policytool to write a policy?No. In fact, don't stuff around with policy files - they are a path to madness.
2. What is the maximum validity days? 365? or more?Keytool accepts an argument for the number of days to remain valid. I do not believe it has an upper limit, but it might be best to experiment with it and find out for yourself. Please report your findings back.
(2a) Do I need to sign again when validity expire?No, but the end user gets a huge warning that the certificate has expired. Further, if it was a certificate that was certified by a CA, the 'always trust' check box which used to default to true, would now default to false.
3. I don't want any of my local browser application gets to internet but only work with local files (read, write, or execute). how do I do that?I am not sure I understand, but if you only offer a JFileChooser for the applet to access resources, that should restrict it to resources off the local file-system. Of course, that would not restrict the end user from downloading something from the internet to their local disks, then accessing it using the applet.
4. how to use java security policy to grant access to the jar applet? where do I place and import the policy file so the hosting web browser and the applet can work?The only place it will work is in the JRE directories of the end-user's machine. Even if you find a way to install your local policy file, do not go messing with the end-user's policy files.
My java applet is a simple class that read a text line from a local file in the same folder,.. In the 'same folder' as what? (1)
..and pass the result to a calling web browser Javascript. That might be the problem. AFAIR, using JS with trusted applets causes the security to be tightened. Perhaps it could be fixed by calling System.setSecurityManager(null) on applet init(), but I have also seen references to using [AccessController.doPrivileged()|http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html] to wrap the problematic code. I am hazy on the details of how/if that works.
Currently the result in the web page is the error message below, even though the jar is signed correctly.
access denied (java.io.FilePermission hello.txt read)
1) If the answer to my question is what I suspect, there may be better ways to access the resource that are usable even in a sand-boxed app. -
Java.security.AccessControlException: access denied (java.io.FilePermission
Hi,
I have written swing code using applets.The code is::
import java.awt.*;
import javax.swing.*;
import java.awt.event.*;
public class JButtonDemo extends JApplet implements ActionListener{
JTextField jtf;
public void init(){
Container c = getContentPane();
c.setLayout(new FlowLayout());
ImageIcon ii = new ImageIcon("");
JButton but = new JButton(ii);
but.setActionCommand("myButton");
but.addActionListener(this);
c.add(but);
jtf = new JTextField(10);
c.add(jtf);
public void actionPerformed(ActionEvent ae){
jtf.setText(ae.getActionCommand());
The html is::
<html>
<body>
<applet code="JButtonDemo.class" width="250" height="150">
</applet
>
</body>
</html>
Its getting compiled but when I'm trying to run it like..
appletviewer JButtonDemo.html
its throwing the following error ..
java.security.AccessControlException: access denied (java.io.FilePermission read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
at sun.awt.SunToolkit.getImageFromHash(SunToolkit.java:472)
at sun.awt.SunToolkit.getImage(SunToolkit.java:486)
at javax.swing.ImageIcon.<init>(ImageIcon.java:81)
at javax.swing.ImageIcon.<init>(ImageIcon.java:107)
at JButtonDemo.init(JButtonDemo.java:10)
at sun.applet.AppletPanel.run(AppletPanel.java:353)
at java.lang.Thread.run(Thread.java:534)
could anyone pls help me in rectifying this problem...
Thanks in advance
SrinivasYou must have missed something, here is how I got it to work:
appelt in c:\temp\test.java:import java.awt.Container;
import java.awt.FlowLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.ImageIcon;
import javax.swing.JApplet;
import javax.swing.JButton;
import javax.swing.JTextField;
public class test extends JApplet implements ActionListener {
JTextField jtf;
public void init() {
Container c = getContentPane();
c.setLayout(new FlowLayout());
ImageIcon ii = new ImageIcon("c:/test.jpg");
JButton but = new JButton(ii);
but.setActionCommand("myButton");
but.addActionListener(this);
c.add(but);
jtf = new JTextField(10);
c.add(jtf);
public void actionPerformed(ActionEvent ae) {
jtf.setText(ae.getActionCommand());
}html file in c:\temp:<DIV id="lblOutputText">Output comes here</DIV>
<object
classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
codebase = "http://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab"
>
<PARAM NAME = CODE VALUE = test >
<PARAM NAME = ARCHIVE VALUE = sTest.jar >
<param name = "type" value = "application/x-java-applet">
<param name = "scriptable" value = "false">
<comment>
<embed
type = "application/x-java-applet" \
CODE = test \
ARCHIVE = sTest.jar
scriptable = false
pluginspage = "http://java.sun.com/products/plugin/index.html#download">
<noembed>
</noembed>
</embed>
</comment>
</object>The batch file creating the signed jar in c:\temp\sign.batdel *.cer
del *.com
del *.jar
del *.class
javac test.java
keytool -genkey -keystore harm.com -keyalg rsa -dname "CN=Harm Meijer, OU=Technology, O=org, L=Amsterdam, ST=, C=NL" -alias harm -validity 3600 -keypass password -storepass password
rem keytool -export -alias harm -file exportPublicKey.cer -keystore harm.com -storepass password
jar cf0 test.jar test.class
jarsigner -keystore harm.com -storepass password -keypass password -signedjar sTest.jar test.jar harm
del *.class
pause -
File read access denied for signed applet
Hi:
I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
java.lang.Exception: java.security.AccessControlException:
access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
private KeyStore ks;
private Provider provider;
private static final String providerName = "PKCS11";
private static final String providerLibrary = "aetpkss1.dll";
public void loadKeyStore(String pin) throws IOException,
CertificateException, KeyStoreException, NoSuchAlgorithmException {
if (provider == null)
registerProvider(providerLibrary);
try {
ks = KeyStore.getInstance(providerName,provider);
} catch (Exception e) {
throw new KeyStoreException("Failed get keystore instance\n"
+ e.getMessage());
try {
ks.load(null, pin.toCharArray());
} catch (Exception e) {
throw new KeyStoreException("Failed load keystore\n"
+ e.getMessage());
public void registerProvider(String library)
throws FileNotFoundException, KeyStoreException {
String fileName;
if (new File(library).isAbsolute())
fileName = library;
else
fileName = getAbsolutePath(library);
if (!(new File(fileName).exists()))
throw new FileNotFoundException("No such file: " + fileName);
String config = "name = " + providerName + "\n"
+ "library = " + fileName;
ByteArrayInputStream confStream =
new ByteArrayInputStream(config.getBytes());
try {
provider = new sun.security.pkcs11.SunPKCS11(confStream);
Security.addProvider(provider);
} catch (Exception e) {
throw new KeyStoreException("Can initialize " +
"Sun PKCS#11 provider. Reason: " +
e.getCause().getMessage());
private String getAbsolutePath(String lib) throws FileNotFoundException {
String[] searchPath;
/* NOTE: This should be modified to suit different versions of *
* Windows and not just Windows XP */
if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
searchPath = new String[] { "C:\\WINDOWS\\system32" ,
"C:\\java" };
} else {
searchPath = new String[] { "/usr/local/lib/" };
for (int i = 0; i < searchPath.length; i++) {
if ((new File(searchPath[i] + File.separator + lib).exists()))
return (searchPath[i] + File.separator + lib);
throw new FileNotFoundException("Library not in search path " + lib);
}The above code is called by a java script, the class' constructor is empty.
The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
I have also made a CLI application that uses the above code and it works perfectly.
So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
The certificate I generated with
keytool -genkey -keystore mystore -alias me
keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
Thanks! ErikThe problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate. -
"access denied" error from Java Web Start
I can successfully download the jar file, but always have error message "access denied" when the java application tries to open a local file in C:\temp\poc1.xml.
I can successfully execute the java application from DOS,but failed when using Java Web Start. The error message is as follows:
Java Web Start Console, started Wed Nov 28 16:30:31 PST 2001Java 2 Runtime Environment: Version
1.3.1 by Sun Microsystems Inc.java.security.AccessControlException: access denied
(java.io.FilePermission C:\temp\poc1.xml read) at
org.apache.xerces.framework.XMLParser.parse(Unknown Source) at
org.apache.xerces.framework.XMLParser.parse(Unknown Source) at
com.hotlocker.client.HLSessionParser.parse(Unknown Source) at
com.hotlocker.client.UploadDownloadClient.uploadFiles(Unknown Source) at
com.hotlocker.client.UploadDownload.main(Unknown Source) at
java.lang.reflect.Method.invoke(Native Method) at
com.sun.javaws.Launcher.executeApplication(Unknown Source) at
com.sun.javaws.Launcher.executeMainClass(Unknown Source) at
com.sun.javaws.Launcher.continueLaunch(Unknown Source) at
com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source) at
com.sun.javaws.Launcher.handleLaunchFile(Unknown Source) at
com.sun.javaws.Launcher.run(Unknown Source) at java.lang.Thread.run(Unknown Source)Hi,
you can't get a file like in a "normal" app
because a JWS-app runs in the restricted
sandbox environment by default.
So you either sign your app with a digital certificate
or you use a special FileOpenService (JNLP-API).
You could also put the file into the app-jar and
load it by a classloader.
Regards,
Mathias -
Java.io.File causes "access denied" exception in a signed applet
Hi,
New to these forums and not entirely where it's appropriate to post this issue, so I'll stick it here for now until told otherwise.
The problem:
My applet throws the following exception.
INFO: Exception Message: access denied (java.io.FilePermission C:\Some Dir With Spaces\AnotherDir\FinalDir read)
The psuedo-code:
java.io.File RootPath = new java.io.File( "C:\" );
private boolean doesSubdirectoryExist(String directory) {
boolean mResult = false;
try
java.io.File tmpPath = new java.io.File( RootPath.toString() + java.io.File.separatorChar + directory );
mResult = tmpPath.isDirectory();
tmpPath = null;
catch (Exception e)
... error handling code
return mResult;
private void btnCheckPathActionPerformed(java.awt.event.ActionEvent evt) {
....some other stuff....
doesSubdirectoryExist(.. a text field value from the GUI form..);
....some other stuff....
} The conditions:
1) The applet is signed.
2) The applet runs fine in the AppletViewer.
3) I am using JDK1.5.0_09.
4) When I click the button the event handler is tied to, it works correctly the first time.
5) If I click a second time, with the same value in the text field (i.e. testing for the same subdirectory again) I get the exception error.
I'm pulling my hair out trying to figure this one out. If it were a security issue with the applet running from a browser, why does it work the first time?
Am I failing to release some lock that creating a java.io.File instance creates?
I would appreciate any help.I've identified the issue. I was attempting to access the filesystem from two different thread and/or contexts.
It seems that if I use the SwingWorker class from https://swingworker.dev.java.net/ to perform background tasks in the Worker thread, I don't get the security privileges required to modify the filesystem. Even though I have signed the jar correctly.
However I can access the filesystem quite happily from the Event Dispatcher thread. If my jar is signed correctly.
So, I have the following questions:
1. Why doesn't SwingWorker worker threads get the same security context as the event dispatcher thread?
2. Is there anyway I can give the worker thread the necessary security privileges?
3. Is there anyway to do this without having to write my own thread handling code and creating my own thread pools?
Message was edited by:
Fidotas
Message was edited by:
Fidotas -
GF 3.1.1 - java.security.AccessControlException: access denied - server.log
I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.
How does GF 3.1.1 loose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.
My output stacktrace is:
INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
at java.util.logging.Logger.log(Logger.java:481)
at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
at java.util.logging.Logger.doLog(Logger.java:503)
at java.util.logging.Logger.logp(Logger.java:619)
at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.
Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.
Here is the offending code commented out in the Server Client Adapter (client wrapper):
Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.
// if(System.getSecurityManager() == null)
// System.setSecurityManager(new RMISecurityManager());
remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());
A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.
Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security? -
Java.security.AccessControlException: access denied
Hi all
While deploying my portal application lots of following exceptions are thrown. Please guide me how I can solve this issue
<Aug 16, 2007 12:27:43 PM PKT> <Warning> <Management> <BEA-400409> <Exception fr
om ApplicationFilePoller while checking for changes in application appsdirDteP
ortal_dir, directory GHQPortal.
java.security.AccessControlException: access denied (java.io.FilePermission D:\b
ea\user_projects\domains\portalDomain\applications\DtePortal\GHQPortal read)
at java.security.AccessControlContext.checkPermission(Ljava.security.Per
mission;)V(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(Ljava.security.Permiss
ion;)V(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(Ljava.security.Permission;)
V(Unknown Source)
at java.lang.SecurityManager.checkRead(Ljava.lang.String;)V(Unknown Sour
ce)
at java.io.File.list()[Ljava.lang.String;(Unknown Source)
at java.io.File.list(Ljava.io.FilenameFilter;)[Ljava.lang.String;(Unknow
n Source)
at com.bea.p13n.management.ApplicationFilePoller.searchDirs(Ljava.lang.S
tring;Ljava.util.Map;)V(ApplicationFilePoller.java:719)
at com.bea.p13n.management.ApplicationFilePoller.searchDirs()Ljava.util.
Map;(ApplicationFilePoller.java:708)
at com.bea.p13n.management.ApplicationFilePoller.check()V(ApplicationFil
ePoller.java:671)
at com.bea.p13n.management.ApplicationFilePoller.access$200(Lcom.bea.p13
n.management.ApplicationFilePoller;)V(ApplicationFilePoller.java:145)
at com.bea.p13n.management.ApplicationFilePoller$PollerThread.checkAllPo
llers()V(ApplicationFilePoller.java:997)
at com.bea.p13n.management.ApplicationFilePoller$PollerThread.run()V(App
licationFilePoller.java:953)
at java.lang.Thread.run()V(Unknown Source)
at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Sourc
e)
ThanksHi
Thanks for reply bposner. I am using 'weblogic' user to deploy the application. Please help me to dig out this problem.
This problem seems linked with Java Security manager. How can I disable Java Security Manager or what permission should I add in security file to resolve this problem.
Thanks
Edited by arafique393 at 08/16/2007 11:23 PM
Edited by arafique393 at 08/17/2007 4:47 AM -
Java.security.Access denied exception
hello all,
iam new to java please help me .
my program has thrown the exception:
java.security.AccessControlException: access denied (java.io.FilePermission F:\
read)
using applets a dynamic jtree should be displayed.
when a user clicks a node a file should be retrived and display the directories and files in it.
the program code is:
public void mouseClicked(MouseEvent me)
TreePath tp = Tree.getPathForLocation(me.getX(),me.getY());
String dirname = tp.toString();
File f =new File("F:\\");
int w =st.length();
String y = st.substring(1,w-1);
File f2 = new File(y);
String v[] = f2.list90;
for(int u=0;u<v.length;u++)
System.out.println(v); //checking atleast o/p may display in command prompt.
any idea reply soon
it's very urgent.
ushaThis forum is specific to the Message Queue product ....
for general questions, you may want to start at the "new to java" forum
http://forum.java.sun.com/forum.jspa?forumID=54 -
Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45
JAR File Manifest Attributes for Security
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I'm creating .java.policy file in public void init() method of applet. Its before accessing anything in applet. But its not working. Here is my .java.policy file.
grant
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
This is solved by changing java.policy file at C:\Program Files (x86)\Java\jre7\lib\security. I did it manually but our application running all around the world. And I can't go to each user to change the java.policy file. And also some user don't have admin access to change that file. So is there any way we can set runtime parameter(s) or something else... I already posted this question in stackoverflow but couldn't find the way out. I also created MANIFEST.MF file but still not working.
Stackoverflow link: oracle - java.security.AccessControlException: access denied (&quot;java.security.SecurityPermission&quot; &…Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45
JAR File Manifest Attributes for Security
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I'm creating .java.policy file in public void init() method of applet. Its before accessing anything in applet. But its not working. Here is my .java.policy file.
grant
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
This is solved by changing java.policy file at C:\Program Files (x86)\Java\jre7\lib\security. I did it manually but our application running all around the world. And I can't go to each user to change the java.policy file. And also some user don't have admin access to change that file. So is there any way we can set runtime parameter(s) or something else... I already posted this question in stackoverflow but couldn't find the way out. I also created MANIFEST.MF file but still not working.
Stackoverflow link: oracle - java.security.AccessControlException: access denied (&quot;java.security.SecurityPermission&quot; &… -
Java error when trying to edit file - access denied
We have been running Vibe 3.0 for a couple years with no issues but suddenly users have begun to get java errors when trying to edit a file from Vibe. When a file entry is opened and the "Edit this file" link is clicked, a dialog pops up that says :
Error from command:
java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute)
Has anyone else seen this? Could it be related to some windows security update perhaps? Any ideas how to resolve would be appreciated. This happens with regular users as well as admin.
Vibe is running on SLES 10 with mysql. We are using IIS Windows Authentication.
Thanksdangross,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
AccessControlException: access denied !Again!
Hi all,
I hava an applet which is signed.
I want it to be a way to check filesize. I enter the path of the file in value attribute of <param> tag.
In my class when I do:
boolean oki=false;
public void init(){oki=new File(getParameter("path")).exists();}
public boolean isOki(){return oki;}and later in html document.getElementByID('applet').isOki(); I get true.
But this only works with the initial value (ex. e:\ring.mp3).
When I change code in to this form:
public void init(){}
public boolean isOki(){return new File(getParameter("path")).exists();}I get java.security.AccessControlException: access denied (java.io.FilePermission e:\ring.mp3 read).
Its quite annoying...
Please help.You are not allowed to do unsecure actions from methods called from javascript. Start a looping thread from the init method which checks for a changed variable makes the File call.
Erik -
Hello,
when i run my applet on IE browser the following exception occurs
Exception:java.security.AccessControlException:access denied(java.util.PropertyPermission user.dir read)
what is the problem?
here is my java.policy// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/*" {
permission java.security.AllPermission;
// default permissions granted to all domains
grant {
permission java.util.PropertyPermission "user.dir","read";
permission java.security.AllPermissions;
permission java.util.PropertyPermission "user.home","read";
permission java.io.FilePermission "${user.home}$/*","write,read";
permission java.io.FilePermission "${user.dir}$/*","read,write";
permission java.io.FilePermission "<<ALL FILES>>","read,write";
thanksYou can't use policy file with jvm coming from IE, you can use java-plugin as the default jvm for IE browser.
-
I posted the code from Sam's book in another thread. I compiled the code resulting in two files: PeteApplet.class and PetePanel.class. I moved the files to /usr/local/tomcat/jsp directory. I then copied the required GIF's to the same directory. The GIF's have read/write/exec permission to everyone (chmod 777 on unix). But at run time I get the following error. Please help!
java.security.AccessControlException: access denied (java.io.FilePermission right1.gif read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at sun.awt.SunToolkit.getImageFromHash(SunToolkit.java:486)
at sun.awt.SunToolkit.getImage(SunToolkit.java:500)
at PetePanel.<init>(PeteApplet.java:32)
at PeteApplet.<init>(PeteApplet.java:6)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:306)
at java.lang.Class.newInstance(Class.java:259)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:566)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1775)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:495)
at sun.applet.AppletPanel.run(AppletPanel.java:292)
at java.lang.Thread.run(Thread.java:536)
java.security.AccessControlException: access denied (java.io.FilePermission right1.gif read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at sun.awt.SunToolkit.getImageFromHash(SunToolkit.java:486)
at sun.awt.SunToolkit.getImage(SunToolkit.java:500)
at PetePanel.<init>(PeteApplet.java:32)
at PeteApplet.<init>(PeteApplet.java:6)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:306)
at java.lang.Class.newInstance(Class.java:259)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:566)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1775)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:495)
at sun.applet.AppletPanel.run(AppletPanel.java:292)
at java.lang.Thread.run(Thread.java:536)You need to either grant permissions to your applet in
the policy tool or sign your applet. Give the file
read/write permissions has nothing to do with the
applet. The applet runs in a sandbox, to break out of
it your applet must have permission to read from your
hard drive.How do I give the applet permission to read from hard drive?
After reading java.sun.com/sfaq I created ~/.hotjava/properties file with entries like
ac.read=/usr/local/tomcat/webapps/ROOT
where the path points to a directory containing the GIF files. I've set the access permissions to chmod 777 on linux. Still the applet fails to load the GIF file!
Maybe you are looking for
-
Problem with Free on Board -FOB- cost
Dear Experts, I am dealing with a huge problem I am tryng to get a cost from the rows on a Purchase Delivery Note but the price that is posted there isn't the correct one I had tried to put a new user field but It seems that SBO doesn't give me the c
-
Cisco Objects. Combine TEXT and GRAPHIC
Hi, I'm using the CCM width 7970 Phones. Two simple questions. 1) How I can display an Image at left and a text description at right through cisco objects? Can I have an object that mix the CiscoIPPhoneText and CiscoIPPhoneImageFile? 2) In the CiscoI
-
do I need to install itunes on my windows partion to listen to my files while using windows side ?
-
New user: Logic & surround using existing amp??
Hi Please excuse my ignorance, but I have done some searching and couldn't find an answer. I am a new user to Logic, and keen to create surround mixes (5.1). Using a macbook, how can I achieve this in the best and cheapest manner? I have a hope Sony
-
hi all, i'm using Tomcat as a server.i don't know how to use web.xml.i don't want to change values in my servlets.i want to change values thru web.xml.i don't know the procedure to read values from web.xml toservlets.if any body knows let me know. Th