Changing java.security providers

Hi
Does anyone know if changing the default security provider breaks WL 5.1?
/usr/java/jre/lib/security
Before:
security.provider.1=sun.security.provider.Sun
After:
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=sun.security.provider.Sun
Also, does WL or Java have a parameter to use an alternate java security file,
i.e. running different invocations of Java with different files?
Thanks.

It raises a java.io.IOException: "Could not completed immediately a socket unlock operation".

Is that the exact text? With the grammar error? If not, can you please provide the exact text?
and also the stack trace?

Similar Messages

  • See my error java.security.AccessControlException: access denied how change

    hi master
    sir wrote connection class that run and give me right result
    but when i call data from applet then
    java give me error
    java.security.AccessControlException: access denied (java.util.PropertyPermission oracle.jserver.version read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.security.AccessController.checkPermission(AccessController.java:401)
    =======
    sir i search in net i got some idea
    1. change java.policy
    and put this code
    grant codeBase "http://ib-s01/-" {
        permission java.security.AllPermission;
    };
    sir please give me idea i search java.policy in my system that show many java.policy file
    sir which file i use and where i put
    this code
    grant codeBase "http://ib-s01/-" {
        permission java.security.AllPermission;
    };
    second idea got from net change the java.security
    2. change java.security
    and put this code
    policy.url.1=file:${java.home}/lib/security/java.policy
    sir please give me idea i search java.policy in my system that show many java.security file
    sir which file i use and where i put
    this code
    policy.url.1=file:${java.home}/lib/security/java.policy
    please give me idea how i change my java.policy and java.security file
    thank you
    aamir

    Amir,
    You have to make your applet a signed applet.
    Please search the Internet to find out how to do this.
    Good Luck,
    Avi.

  • What is the risk of changing the order of the security providers?

    I have developed a SFTP solution for Webmethods. Webmethods has IAIK (class iaik.security.provider.IAIK) as its default DH provider. To get the SFTP solution to work, I had to change the DH provider to SunJCE.
    I did that through changing the order of the security providers in the
    java.security file
    in C:\j2sdk1.4.2_13\jre\lib\security
    Now it is
    security.provider.1=com.sun.crypto.provider.SunJCE
    security.provider.2=sun.security.provider.Sun
    security.provider.3=com.sun.net.ssl.internal.ssl.Provider
    security.provider.4=com.sun.rsajca.Provider
    Before it was
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    security.provider.3=com.sun.rsajca.Provider
    security.provider.4=com.sun.crypto.provider.SunJCE
    security.provider.5=sun.security.jgss.SunProvider
    A lot of other webmethods services use the same server, so if we change the order of the security providers, it will affect all of these. So what I want to know is what is the risk of changing the order of the security providers?

    Check here for compatibility of 3rd party Software you may be using...
    http://roaringapps.com/apps:table
    Also note that Rosetta is no longer supported in Lion and Mountain Lion...
    You will need more RAM... Get the Maximum you can for your Mac...
    It is important to get the Correct and Matching RAM
    See Here  >  OWC RAM  >  http://www.macsales.com
    The above site also has videos on how to Install RAM should you need it...

  • How to run java signed applet in vista with changing IE security options

    how to run java signed applet in vista with changing IE security options. If i change the IE security settings to low. it works.
    without changing the security setting, how to run.

    j_nanaji9 wrote:
    how to run java signed applet in vista with changing IE security options. If i change the IE security settings to low. it works.
    without changing the security setting, how to run.

    Can't be done without changing the security setting.

  • Java.rmi.UnmarshalException Failed to load class com.msl.security.providers

    Hi ,
    I have the following error while I am stopping a Weblogic instance. Did anyone face a similar issue? Please let me know. I see a classnotfound error, but not sure what is that jar file. Is it an application jar or a weblogic one?
    Stopping Weblogic Server...
    Initializing WebLogic Scripting Tool (WLST) ...
    log4j: Trying to find [resources/comdev/default-log4j.properties] using context classloader java.net.URLClassLoader@183f74d.
    log4j: Using URL [jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties] for automatic log4j configuration.
    log4j: Reading configuration from URL jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties
    log4j: Hierarchy threshold set to [ALL].
    log4j: Parsing for [root] with value=[INFO, NA].
    log4j: Level token is [INFO].
    log4j: Category root set to INFO
    log4j: Parsing appender named "NA".
    log4j: Parsed "NA" options.
    log4j: Finished configuring.
    Welcome to WebLogic Server Administration Scripting Shell
    Type help() for help on available commands
    Connecting to t3://localhost:7009 with userid weblogic ...
    This Exception occurred at Sun Apr 10 14:17:03 UTC 2011.
    javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested exception is:
            java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:32)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
    at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:673)
    at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
    ... 48 more
    Problem invoking WLST - Traceback (innermost last):
    File "/web/10.2/user_projects/domains/dom/shutdown.py", line 1, in ?
    File "<iostream>", line 22, in connect
    WLSTException: 'Error occured while performing connect : Error getting the initial context. There is no server running at t3://localhost:7009 Use dumpStack() to view the full stacktrace'
    Thanks a lot for your time.
    Manish

    Hi Manish,
    It seems that you are using a custom security provider and the weblogic server is not able to find the class / jar file that contains the class.
    java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
    Make sure you have all the required jar files in the server classpath.
    You can use the JarScan utility to find the jar that contains the class.
    Refer the below link regarding the jarScan.
    http://weblogic-wonders.com/weblogic/2011/01/26/finding-jar-files-using-jarscan/
    Regards,
    Anandraj
    http://weblogic-wonders.com

  • Error in weblogic7.0 :java.security.NoSuchAlgorithmException:

    Hi All
    thanks in advance.
    I am facing a peculiar problem while using the SunJCE provider.
    I have some classes to encrypt & decrypt some information using
    the Diffie-Hellman protocol.
    Problem 1
    While I am running those classes in command prompts,
    sometimes it gives me correct results, whereas other times during decryption I am unable to get the plaintext (I am getting some junk characters), whereas sometimes it gives me Badpadding exception
    I am using JDK1.3 which comes with weblogic and jce1.2.2
    for classpath and path setting
    set path=D:\bea\jdk131_03\bin
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
    set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
    my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
    Problem 2
    While i am using those classes in servlet and jsp which are deployed in weblogic 7
    Some time i am getting correct results
    but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
    So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
    import java.io.*;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.security.interfaces.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.crypto.interfaces.*;
    import com.sun.crypto.provider.SunJCE;

    public class DiffieHellmanKeyGeneRation {
        PublicKey alicePubKey = null;
        PublicKey bobPubKey = null;
        KeyAgreement aliceKeyAgree = null;
        KeyAgreement bobKeyAgree = null;

        /**
         * DiffieHellmanKeyGeneRation() constructor - Set the mode and call run method to generate Keypairs
         * and assigns it to the instance variables.
         * @param nil
         * @returns nil
         */
        public DiffieHellmanKeyGeneRation() {
            try {
                String mode = "GENERATE_DH_PARAMS";
                run(mode);
            } catch (Exception e) {
                System.err.println("Error: " + e);
                System.exit(1);
            }
        }

        /**
         * getAlicePubKey() - Return the Instance Variable alicePubKey
         * @param nil
         * @returns PublicKey
         */
        public PublicKey getAlicePubKey() {
            return alicePubKey;
        }

        /**
         * getBobPubKey() - Return the Instance Variable bobPubKey
         * @param nil
         * @returns PublicKey
         */
        public PublicKey getBobPubKey() {
            return bobPubKey;
        }

        /**
         * getAliceKeyAgree() - Return the Instance Variable aliceKeyAgree
         * @param nil
         * @returns KeyAgreement
         */
        public KeyAgreement getAliceKeyAgree() {
            return aliceKeyAgree;
        }

        /**
         * getBobKeyAgree() - Return the Instance Variable bobKeyAgree
         * @param nil
         * @returns KeyAgreement
         */
        public KeyAgreement getBobKeyAgree() {
            return bobKeyAgree;
        }

        /**
         * run() method - Generate Algorithm instance, KeySpec, and keypair
         * and assigns it to the instance variables.
         * @param String
         * @returns nil
         */
        private void run(String mode) throws Exception {
            DHParameterSpec dhSkipParamSpec = null;
            // System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
            AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH");
            paramGen.init(512);
            AlgorithmParameters params = paramGen.generateParameters();
            dhSkipParamSpec = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class);

            /*
             * Alice creates her own DH key pair, using the DH parameters from
             * above
             */
            // System.out.println("ALICE: Generate DH keypair ...");
            KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
            aliceKpairGen.initialize(dhSkipParamSpec);
            KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

            // Alice creates and initializes her DH KeyAgreement object
            // System.out.println("ALICE: Initialization ...");
            aliceKeyAgree = KeyAgreement.getInstance("DH");
            aliceKeyAgree.init(aliceKpair.getPrivate());

            // Alice encodes her public key, and sends it over to Bob.
            byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();

            /*
             * Let's turn over to Bob. Bob has received Alice's public key
             * in encoded format.
             * He instantiates a DH public key from the encoded key material.
             */
            KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
            X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
            alicePubKey = bobKeyFac.generatePublic(x509KeySpec);

            /*
             * Bob gets the DH parameters associated with Alice's public key.
             * He must use the same parameters when he generates his own key
             * pair.
             */
            DHParameterSpec dhParamSpec = ((DHPublicKey) alicePubKey).getParams();

            // Bob creates his own DH key pair
            // System.out.println("BOB: Generate DH keypair ...");
            KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
            bobKpairGen.initialize(dhParamSpec);
            KeyPair bobKpair = bobKpairGen.generateKeyPair();

            // Bob creates and initializes his DH KeyAgreement object
            // System.out.println("BOB: Initialization ...");
            bobKeyAgree = KeyAgreement.getInstance("DH");
            bobKeyAgree.init(bobKpair.getPrivate());

            // Bob encodes his public key, and sends it over to Alice.
            byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();

            /*
             * Alice uses Bob's public key for the first (and only) phase
             * of her version of the DH
             * protocol.
             * Before she can do so, she has to instantiate a DH public key
             * from Bob's encoded key material.
             */
            KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
            x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
            bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
        }
    }
    2)
    import java.io.*;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.security.interfaces.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import javax.crypto.interfaces.*;
    import sun.misc.*;
    import com.sun.crypto.provider.SunJCE;

    public class DHEncryptDecrypt {
        PublicKey alicePubKey = null;
        PublicKey bobPubKey = null;
        KeyAgreement aliceKeyAgree = null;
        KeyAgreement bobKeyAgree = null;
        SecretKey bobDesKey = null;
        SecretKey aliceDesKey = null;

        /**
         * DHEncryptDecrypt constructor - it instantiates DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secret
         * and assigns it to the instance variables.
         * @param nil
         * @returns nil
         */
        public DHEncryptDecrypt() {
            try {
                init();
            } catch (Exception e) { e.printStackTrace(); }
        }

        /**
         * init() - it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secret
         * and assigns it to the instance variable ds.
         * @param nil
         * @returns nil
         */
        private void init() throws Exception {
            System.out.println("Initialising...");
            DiffieHellmanKeyGeneRation dhPubKey = new DiffieHellmanKeyGeneRation();
            alicePubKey = dhPubKey.getAlicePubKey();
            bobPubKey = dhPubKey.getBobPubKey();
            aliceKeyAgree = dhPubKey.getAliceKeyAgree();
            bobKeyAgree = dhPubKey.getBobKeyAgree();
            //System.out.println("ALICE: Execute PHASE1 ...");
            aliceKeyAgree.doPhase(bobPubKey, true);

            /*
             * Bob uses Alice's public key for the first (and only) phase
             * of his version of the DH
             * protocol.
             */
            // System.out.println("BOB: Execute PHASE1 ...");
            bobKeyAgree.doPhase(alicePubKey, true);

            /*
             * At this stage, both Alice and Bob have completed the DH key
             * agreement protocol.
             * Both generate the (same) shared secret.
             */
            byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
            int aliceLen = aliceSharedSecret.length;
            byte[] bobSharedSecret = new byte[aliceLen];
            int bobLen;
            /* try {
                // show example of what happens if you
                // provide an output buffer that is too short
                bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
            } catch (ShortBufferException e) {
                System.out.println(e.getMessage());
            } */
            // provide output buffer of required size
            bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
            if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
                throw new Exception("Shared secrets differ");
            //System.out.println("Shared secrets are the same");
            // System.out.println("Return shared secret as SecretKey object ...");

            // Bob
            // Note: The call to bobKeyAgree.generateSecret above reset the key
            // agreement object, so we call doPhase again prior to another
            // generateSecret call
            bobKeyAgree.doPhase(alicePubKey, true);
            bobDesKey = bobKeyAgree.generateSecret("DES");

            // Alice
            // Note: The call to aliceKeyAgree.generateSecret above reset the key
            // agreement object, so we call doPhase again prior to another
            // generateSecret call
            aliceKeyAgree.doPhase(bobPubKey, true);
            aliceDesKey = aliceKeyAgree.generateSecret("DES");
        }

        /**
         * encrypt() - Alice encrypts, using DES in ECB mode
         * and assigns it to the instance variable ds.
         * @param String
         * @returns String
         */
        public String encrypt(String ClearText) throws Exception {
            String CipherText = null;
            try {
                // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
                Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
                aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
                byte[] cleartext = ClearText.getBytes();
                //System.out.println("cleartext Array:"+ cleartext.size);
                byte[] ciphertext = aliceCipher.doFinal(cleartext);
                // BASE64Encoder b64e = new BASE64Encoder();
                //CipherText = b64e.encode(ciphertext);
                // raw ciphertext bytes are converted with the platform default charset here
                CipherText = new String(ciphertext);
            } catch (Exception e) { e.printStackTrace(); }
            return CipherText;
        }

        /**
         * decrypt() - Bob Decrypts, using DES in ECB mode
         * and assigns it to the instance variable ds.
         * @param String
         * @returns String
         */
        public String decrypt(String CipherText) throws Exception {
            String Recovered = null;
            try {
                // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
                // System.out.println("Length of String is:"+CipherText.length());
                Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
                bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
                // the String is turned back into bytes with the platform default charset
                byte[] CipherTextBytes = CipherText.getBytes();
                byte[] recovered = bobCipher.doFinal(CipherTextBytes);
                Recovered = new String(recovered);
                // System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
            } catch (Exception e) { e.printStackTrace(); }
            return Recovered;
        }
    }
    and i am using following logic to encrypt and decrypt
    String MyPlainText = "sm_user=residential&csol_account=383784";
    //String MyPlainText ="This is my message";
    System.out.println("\nPlain Text:=" + MyPlainText + "\n\n");
    try {
        DHEncryptDecrypt ed = new DHEncryptDecrypt();
        String CipherText = (ed.encrypt(MyPlainText));
        BASE64Encoder b64e = new BASE64Encoder();
        String CipherText1 = b64e.encode(CipherText.getBytes());
        System.out.println("\n\nUserInfo=" + CipherText1);
        String DecryptedMessage = ed.decrypt(CipherText);
        System.out.println("\n\nDecrypedMessage=:" + DecryptedMessage);
    } catch (Exception e) { e.printStackTrace(); }
    and my java.security file in D:\ bea\jdk131_03\jre\lib\security
    is changed to add the provider as
    # List of providers and their preference orders (see above):
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.crypto.provider.SunJCE
    security.provider.3=com.sun.rsajca.Provider
    # Class to instantiate as the system Policy. This is the name of the class
    # that will be used as the Policy object.
    policy.provider=sun.security.provider.PolicyFile
    Pls help me to resolve the magic shown by these classes.....sometimes right and sometimes wrong
    mainly i need help in
    Badpadding Exception and NoSuchAlgorithm exception in weblogic
    Thanks
    And regards
    Arati

    replace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
    this should at least fix your "Badpadding exception" problem (it did fix it for me).
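
The charset advice in the reply above can be checked with the following added example (not code from either poster). It runs the post's DES/ECB/PKCS5Padding transformation over the post's plaintext and carries the ciphertext through four transports; the class name, trial count and the use of windows-1252 as a stand-in for the poster's unknown default charset are assumptions of the example.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class CiphertextTransport {

    // Transformation taken from the post above, used only to reproduce its failure.
    static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";
    // Plaintext string from the post.
    static final String CLEAR = "sm_user=residential&csol_account=383784";

    /** A way of carrying ciphertext bytes from encrypt() to decrypt(). */
    interface Transport {
        byte[] roundTrip(byte[] raw);
    }

    /** The pattern in the post, new String(bytes) then getBytes(), with the charset made explicit. */
    static Transport viaString(final Charset cs) {
        return raw -> new String(raw, cs).getBytes(cs);
    }

    /** Text-safe transport: Base64 is defined for every byte value. */
    static Transport viaBase64() {
        return raw -> Base64.getDecoder().decode(Base64.getEncoder().encodeToString(raw));
    }

    static byte[] encrypt(SecretKey key, String clear) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(clear.getBytes(StandardCharsets.UTF_8));
    }

    static String decrypt(SecretKey key, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key);
        return new String(c.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    /** Runs encrypt/transport/decrypt cycles with fresh keys; returns {ok, exception, junk plaintext}. */
    static int[] run(Transport t, int trials) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        int ok = 0, threw = 0, junk = 0;
        for (int i = 0; i < trials; i++) {
            SecretKey key = kg.generateKey();
            byte[] transported = t.roundTrip(encrypt(key, CLEAR));
            try {
                if (CLEAR.equals(decrypt(key, transported))) ok++; else junk++;
            } catch (Exception e) {
                // BadPaddingException or IllegalBlockSizeException from the damaged ciphertext
                threw++;
            }
        }
        return new int[] { ok, threw, junk };
    }

    static void report(String label, Transport t) throws Exception {
        int[] r = run(t, 1000);
        System.out.printf("%-14s ok=%d exception=%d junk=%d%n", label, r[0], r[1], r[2]);
    }

    public static void main(String[] args) throws Exception {
        // Assumed stand-in for a Windows default charset; it has byte values with no character assigned.
        report("windows-1252", viaString(Charset.forName("windows-1252")));
        // Random ciphertext is rarely valid UTF-8, so bytes are replaced on decode.
        report("UTF-8", viaString(StandardCharsets.UTF_8));
        // Every byte value maps to exactly one character, so the round trip is lossless.
        report("ISO-8859-1", viaString(StandardCharsets.ISO_8859_1));
        report("Base64", viaBase64());
    }
}
```

ISO-8859-1 only protects the bytes while they stay inside one JVM; once the string passes through a request parameter, a JSP or a file that re-encodes text, Base64 is the transport that still round-trips.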

  • Help : java.security.UnrecoverableKeyException: excess private key

    Hi,
    I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
    When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
    The full stack trace is as follows
    ------------------------------------------------------------------------
    java.security.UnrecoverableKeyException: excess private key
         at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
         at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
         at java.security.KeyStore.getKey(KeyStore.java:289)
         at com.security.Security.generatePKCS7Signature(Security.java:122)
         at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
         at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
    I had tested the program under following scenarios...
    The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
    For IBM JDK 1.4 on Windows machine for WAS (WebSphere Application Server) 6.0, the program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files (local_policy.jar, US_export_policy.jar) and an update in java.security file
    But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
    I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site (because the WAS 6.0 is running on Sun's JDK instead of IBM JDK)...
    I changed the java.security file as follows(only changed content)
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.4=com.ibm.crypto.provider.IBMJCE
    security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.6=com.ibm.jsse.IBMJSSEProvider
    security.provider.7=com.ibm.security.cert.IBMCertPath
    security.provider.8=com.ibm.security.cmskeystore.CMSProvider
    I have used PKCS12(PFX) file for digital signature
    which is same for all environment(i have described as above)
    I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get corrupted.
    I can not change the certificate because it's given by the company and which is working in other environments absolutely fine (just as I have described above)
    I have gone through the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too, but none of them helped...
    So what could be the problem for such exception?????
    I am on this issue since last one month...
    I know very little about security.
    Thanks in advance
    PLEASE HELP ME(URGENT)

    user10935179 wrote:
    The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file)

    If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
    While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
    Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
    Arshad Noor
    StrongAuth, Inc.
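
Both this thread and the earlier webMethods thread turn on which provider wins a lookup that does not name one. The following added example (not code from any poster) lists the services that would change hands if a provider were moved to position 1, and shows pinning a single call to a provider instead of editing the shared java.security file; the class name and the default of SunJCE are choices made for the example.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.KeyAgreement;

public class ProviderOrderAudit {

    /**
     * For every service of the named provider, finds the provider that currently
     * wins an unqualified getInstance() lookup because it sits earlier in the
     * preference order. Returns "Type.Algorithm" -> name of the provider that
     * would be displaced if the named provider were moved to position 1.
     */
    static Map<String, String> displacedBy(String providerName) {
        Provider target = Security.getProvider(providerName);
        if (target == null) {
            throw new IllegalArgumentException("provider not installed: " + providerName);
        }
        Map<String, String> displaced = new TreeMap<>();
        for (Provider.Service s : target.getServices()) {
            for (Provider p : Security.getProviders()) {       // returned in preference order
                if (p.getName().equals(target.getName())) {
                    break;                                      // nobody ahead of the target offers it
                }
                if (p.getService(s.getType(), s.getAlgorithm()) != null) {
                    displaced.put(s.getType() + "." + s.getAlgorithm(), p.getName());
                    break;
                }
            }
        }
        return displaced;
    }

    /** Provider an unqualified KeyAgreement lookup resolves to before init() is called. */
    static String defaultKeyAgreementProvider(String algorithm) throws Exception {
        return KeyAgreement.getInstance(algorithm).getProvider().getName();
    }

    /** Pins one call site to one provider; java.security and every other caller are untouched. */
    static KeyAgreement pinnedKeyAgreement(String algorithm, String providerName) throws Exception {
        return KeyAgreement.getInstance(algorithm, providerName);
    }

    public static void main(String[] args) throws Exception {
        // Provider the posts above move to position 1; pass another name as the first argument.
        String name = args.length > 0 ? args[0] : "SunJCE";

        Provider[] order = Security.getProviders();
        for (int i = 0; i < order.length; i++) {
            System.out.printf("position %d: %s (%s)%n",
                    i + 1, order[i].getName(), order[i].getClass().getName());
        }

        Map<String, String> displaced = displacedBy(name);
        System.out.printf("%nMoving %s to position 1 changes %d unqualified lookups%n",
                name, displaced.size());
        for (Map.Entry<String, String> e : displaced.entrySet()) {
            System.out.printf("  %-45s currently served by %s%n", e.getKey(), e.getValue());
        }

        System.out.println();
        System.out.println("DH by preference order: " + defaultKeyAgreementProvider("DH"));
        System.out.println("DH pinned:              "
                + pinnedKeyAgreement("DH", name).getProvider().getName());
    }
}
```

An empty list means no other installed provider ahead of the target offers the same services, so the reorder changes nothing for existing callers; a non-empty list is the set of lookups to retest on a shared server before touching the order.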

  • WL10: How to port sample security providers?

    Hello,
    I've downloaded sample security providers for WL8.1 and trying to get them working on my WL10 setup. It seems quite a lot has changed since wl8.1. For example information how to setup security providers by using admin console are completely different. Also when I tried to workaround this by using ant setup, it also failed with:
    [java] Executing command: INVOKE -mbean Security:Name=SampleRealmManageableSampleAuthenticator -method createUser sampleuser samplepassword nodescription
    [java] Could not find the instance for Security:Name=SampleRealmManageableSampleAuthenticator
    [java] Error: setupSampleRealm.adm at line number: 45
    [java] --------------------------------------------------------------------
    [java] --------------------------------------------------------------------
    [java] Batch Command Results:
    [java] Total Commands Executed: 23
    [java] Commands Successful: 22
    [java] Commands Failed: 1
    BUILD SUCCESSFUL
    Total time: 7 seconds
    My question is: has anybody already ported sample security providers to the WL10?
    Thanks,
    Karel

    "Laurent Duperval" <[email protected]> wrote in message
    news:3fe07edb$[email protected]..
    >
    Hi,
    I'm trying to get the sample realm working as the default realm to start Weblogic.
    The goal is to modify it piece by piece to a more secure model, but I'm starting
    from the basics.
    Here's what I've done now: I created a new realm and I used all the default providers
    except the authentication provider. For that, I used the Manageable authentication
    sample. The problem is that it uses non-encrypted data to set the password but
    the boot.properties file contains 3DES data. So now, the realm won't start. How
    can I set up the boot.properties file to enable the use of my new realm as the
    default?
    The boot.properties should work with any provider. WLS decrypts the username
    and password
    before passing it to the provider. I would double check to make sure that
    username and
    password is defined in your manageable authentication sample.
    You can define the DebugSecurityAtn="true" attribute for the ServerDebug
    Mbean to get
    additional debugging information.

  • How can I change java.policy at runtim on client machines using java webst?

    Hi,
    I have to change java.policy to launch my application through webstart to provide one RuntimePermission "permission java.lang.RuntimePermission "getClassLoader";"
    It's because of a Java bug "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366"
    So, my problem here is, how can I do this dynamically on each client machine's java.policy.
    I have spent time on this and found some alternatives
    1. Specifying an Additional Policy File at Runtime by launching application "java -Djava.security.manager -Djava.security.policy=someURL SomeApp"
    Please refer more on this "http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html"
    But, here the problem is, how can I do this using webstart (expert.jnlp) file even though I have the "java-vm-args" tag, it's not supporting this argument.
    Please refer "http://docs.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/syntax.html#security"
    2. Implementing the Policy in code.
    But, not sure how to do this..
    How can I grant the runtime permission on every user's machine dynamically?
    Here are some background details on this:
    I am using java6 and weblogic 10.3.3.
    Here is thing that I tried,
    My application downloads a few jars to the client machines using java webstart and then it will get the initial context using the t3 protocol. The jars include wlclient.jar and ojdbc6.jar initially.
    The problem here I was facing, when I tried request a bean, it is giving me the following exception in the client logs.It is requesting one state less session bean and I checked the server logs as well and the bean has returned the expected values properly.
    But here I observed one more thing, before this request, one session bean(state less) has been requested successfully.
    java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:
    org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
    at com.sun.corba.se.impl.javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
    at javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
    at com.mbt.expert.server.util._ServerDBQueryObjectRemote_Stub.getExchangeList(Unknown Source)
    at com.mbt.expert.util.DBQueryObject.getExchangeList(DBQueryObject.java:419)
    at com.mbt.expert.view.dialogs.OpenExchangeDialog.actionPerformed(OpenExchangeDialog.java:425)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.Dialog$1.run(Unknown Source)
    at java.awt.Dialog$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Dialog.show(Unknown Source)
    at com.mbt.expert.view.dialogs.OpenExchangeDialog.displayDialog(OpenExchangeDialog.java:606)
    at com.mbt.expert.mdi.actions.OpenExchangeAction.execute(OpenExchangeAction.java:204)
    at com.mbt.mdi.MDICommand.actionPerformed(MDICommand.java:47)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
    at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
    ... 80 more
    The same is working on some other machines which are in a different network. So, I have replaced the wlclient.jar with the wlthint3client.jar.
    After replacing this jar I was getting the below exception in the client logs while requesting a stateless session bean. I also checked whether the request is reaching the server (bean) or not, but it's not reaching the server. The problem is the same on all the machines irrespective of the networks.
    java.lang.AssertionError: Failed to generate class for com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub
    at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:797)
    at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:786)
    at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
    at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:213)
    at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
    at java.io.ObjectInputStream.readObject0(Unknown Source)
    at java.io.ObjectInputStream.readObject(Unknown Source)
    at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:197)
    at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:598)
    at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:193)
    at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:62)
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:240)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
    at weblogic.jndi.internal.ServerNamingNode_1033_WLStub.lookup(Unknown Source)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
    at javax.naming.InitialContext.lookup(Unknown Source)
    at com.mbt.expert.mdi.ExpertVariable.getLoginSession(ExpertVariable.java:455)
    at com.mbt.expert.view.dialogs.Login.okPressed(Login.java:187)
    at com.mbt.expert.view.dialogs.Login.keyPressed(Login.java:141)
    at java.awt.Component.processKeyEvent(Unknown Source)
    at javax.swing.JComponent.processKeyEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
    at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
    at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown Source)
    at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown Source)
    at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.Dialog$1.run(Unknown Source)
    at java.awt.event.InvocationEvent.dispatch(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:795)
    ... 55 more
    Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
    at weblogic.utils.classloaders.AugmentableClassLoaderManager.getAugmentableClassLoader(AugmentableClassLoaderManager.java:48)
    at weblogic.rmi.internal.ClientRuntimeDescriptor.findLoader(ClientRuntimeDescriptor.java:254)
    at weblogic.rmi.internal.ClientRuntimeDescriptor.getInterfaces(ClientRuntimeDescriptor.java:132)
    at weblogic.rmi.internal.StubInfo.getInterfaces(StubInfo.java:77)
    at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.ensureInitialized(Unknown Source)
    at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.<init>(Unknown Source)
    ... 60 more
    I have tried one more thing: I have taken all the required jars to one of the client machines and executed the main class (by setting the required class path) from cmd using java instead of javaws. Surprisingly, it's working fine without any problem using the wlthint3client.jar.
    I also tried the same by placing wlclient.jar, using java in the same way (from cmd instead of javaws), but I was facing the same exception while requesting the second session bean and found the same above exception in the client logs.
    To resolve this, I came across the Java bug that I have given earlier: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366
    On that page, I found a workaround for this, suggested by BEA: add the runtime permission "permission java.lang.RuntimePermission "getClassLoader";" to the client's java.policy.
    So, please suggest me a way to resolve this problem.
    Please suggest me if you have any other solutions for this problem.
    Thanks in advance :)

    I still think your problem is nothing to do with that ancient non-bug and that you should be looking elsewhere. You might be lucky and find someone here who can say "Ah, I know what that is" but I doubt it because since Oracle took over Sun this site has gone downhill big time.

  • Java.security.AccessControlException when calling web service from applet

    I have an applet that calls a webservce (Xmethods' delayed stock quote service). When I run the applet in appletviewer, I get the following:
    [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.security.AccessControlException: access denied (java.net.SocketPermission 66.28.98.121:9090 connect,resolve); targetException=java.lang.IllegalArgumentException:
    Error opening socket: java.security.AccessControlException:
    access denied
    etc.....
    My code works fine as an application, but not as an applet. (This was after I eventually had to extract the necessary SOAP .jar files into the same directory as my applet, but that's another topic...or maybe not?)
    Help!
    Regards,
    John Kirksey

    The default security settings do not allow an applet to connect to any server other than the one from which it was downloaded. This is your problem. To mitigate that you have to change the security settings of the applet container, i.e. the JVM in the browser.
    Ironluca

  • Java Security Model: Java Protection Domains

    1.     Policy Configuration
    Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets. A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ASCII, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
    o     Configurable policies -- no longer is the security policy hard-coded into the application.
    o     Flexible policies -- Since the policy is configurable, system administrators can enforce global policies for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
    o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
    o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, a developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
    o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
    2.     X.509v3 Certificate APIs
    Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
    3.     Protection Domains
    The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
    When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
    4.     Access Decisions
    Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
    Sandbox model for Security
    Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
    The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
    While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
    Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
    java.security.ProtectionDomain
    This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
    A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
    A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
    Classes that have the same permissions but are from different code sources belong to different domains.
    A class belongs to one and only one ProtectionDomain.
    Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
    Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
    It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
    jarsigner and keytool
    example:
    cd D:\EicherProject\EicherWEB\Web Content
    jarsigner -keystore eicher.store source.jar eichercert
    The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
    One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
    The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
    Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
    1. First generate a key pair for our Certificate:
    keytool -genkey -keyalg rsa -alias AppletCert
    2. Generate a certification-signing request.
    keytool -certreq -alias AppletCert > CertReq.pem
    3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
    4. Import the chain into keystore:
    keytool -import -alias AppletCert -file SignedCert.pem
    5. Sign the CyberVote archive "TeleVote.jar":
    jarsigner TeleVote.jar AppletCert
    This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
    1. Generate a key pair for root CA:
    openssl genrsa -des3 -out CyberVoteCA.key 1024
    2. Generate an x509 certificate using the above keypair:
    openssl req -new -x509 -days 365 -key CyberVoteCA.key -out CyberVoteCA.crt
    3. Import the Certificate to keystore.
    keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
    Now, in step 3 of the jar signing above, instead of sending the certificate request to the VeriSign/Thawte webform for signing, we can sign it using our newly created root CA with this command:
    openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem -CAcreateserial
    However, our test root CA has to be imported to the keystore of the voter's web browser in some way. [This was not investigated. We used a manual importing procedure, which is not a recommended way.]
    The Important Classes
    The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
    o     It should be computationally infeasible to find two messages that hashed to the same value.
    o     The digest does not reveal anything about the input that was used to generate it.
    Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
    The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
    o     Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
    o     The signature and the public key do not reveal anything about the private key.
    A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
    ----Cheers
    ---- Dinesh Vishwakarma
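
The access decision described in sections 3 and 4 of the post above, as an added example that is not part of the original post. The class name `ProtectionDomainDemo`, the `CheckBookPermission` implementation and the two code locations are assumptions made for illustration; the permission requests are the ones named in the post and in the `AccessControlException` messages on this page.

```java
import java.net.URI;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ProtectionDomainDemo {

    /** Application-defined permission for the post's CheckBook resource (hypothetical class). */
    static final class CheckBookPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        CheckBookPermission(String name) {
            super(name);
        }
    }

    /**
     * Builds a protection domain from its two attributes: a location and a signer.
     * The signer is null (unsigned code). The two-argument constructor binds the
     * domain to exactly this bag of permissions, so no policy file is consulted.
     */
    static ProtectionDomain domain(String location, Permission... granted) throws Exception {
        // The cast selects the Certificate[] overload; a bare null is ambiguous.
        CodeSource source = new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
        Permissions bag = new Permissions();
        for (Permission p : granted) {
            bag.add(p);
        }
        bag.setReadOnly();
        return new ProtectionDomain(source, bag);
    }

    /** The access decision: granted only if some permission in the bag implies the request. */
    static boolean decide(ProtectionDomain domain, Permission request) {
        return domain.implies(request);
    }

    public static void main(String[] args) throws Exception {
        // Constructed code locations, not taken from the page.
        ProtectionDomain bankApp = domain("http://bank.example/app/",
                new CheckBookPermission("checkbook.*"),
                new PropertyPermission("console", "read"));
        // Downloaded code with an empty bag: every request is denied.
        ProtectionDomain downloaded = domain("http://other.example/applet/");

        Permission[] requests = {
            new CheckBookPermission("checkbook.write"),
            new PropertyPermission("console", "read"),
            new PropertyPermission("console", "write"),
            new RuntimePermission("getClassLoader"),
        };

        for (ProtectionDomain d : new ProtectionDomain[] {bankApp, downloaded}) {
            System.out.println(d.getCodeSource().getLocation());
            for (Permission request : requests) {
                System.out.printf("  %-7s %s%n", decide(d, request) ? "granted" : "denied", request);
            }
        }
    }
}
```

Each grant is as narrow as the request it has to satisfy: the wildcard `checkbook.*` covers `checkbook.write`, while `console` read does not cover `console` write and nothing in either bag covers `getClassLoader`.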

    Hi,
    these concepts are used and implemented in jGuard (www.jguard.net), which enables easy JAAS integration into J2EE webapps across application servers.
    cheers,
    Charles(jGuard team).

  • Signed applet not working in firefox - java.security.AccessControlException

    Hello,
    I have a signed applet that works fine in IE 7 but in Firefox I'm getting this exception in the java console:
    java.security.AccessControlException: access denied (java.net.SocketPermission myhost.com resolve)
    I already tried to run the applet with different JRE versions in Firefox with the same result: 1.6.0_01, 1.6.0_02, 1.6.0_03, 1.6.0_05
    I'll appreciate your help.

    Thanks for replying.
    Using the browser to view the applet is not recommended, because if you change the source code and recompile the applet, then run it using the browser, it will run the old version.
    Also, I've found the solution here:
    http://www.cs.utah.edu/classes/cs1021/notes/lecture03/eclipse_help.html

  • How to change the security settings of tomcat5.0

    Hi, I am new to servlets. I am using tomcat5.0 to run my servlets. I have created two web applications under the webapps directory with the names ourwa and newourwa. As part of ourwa I have developed a servlet with the name Caller that includes another servlet named Calle of newourwa. To do this I got the ServletContext object of newourwa with the code below:
    ServletContext application = getServletContext();
    // getContext() is a method of ServletContext; it returns null when cross-context access is not allowed
    ServletContext newapplication = application.getContext("/newourwa");
    and I included the Calle servlet using this newapplication with the code below:
    // newapplication is null here, which is where the NullPointerException is raised
    RequestDispatcher rd = newapplication.getRequestDispatcher("/calle");
    rd.include(request, response);
    I am not getting the ServletContext object of newourwa, so I am getting a null pointer exception while running the servlet Caller.
    I read the documentation on the ServletContext interface. There is a method with the name getContext(). For this method they clearly specified that "in a security conscious environment this method returns null".
    Please help me by giving answers to the following questions:
    1) What is the alternative to dispatch the request from one application to another application?
    2) How to change the security settings of tomcat5.0?
    thanks.

    There has been a change in the Java security settings, see:
    * http://kb.mozillazine.org/Java#Java_security_prompts
    * "What should I do when I see a security prompt from Java?": http://www.java.com/en/download/help/appsecuritydialogs.xml
    If you visit a website regularly then a possible workaround is to add the URL to the Java Exceptions Site List, see:
    * "Why are Java applications blocked by your security settings?": http://www.java.com/en/download/help/java_blocked.xml
    * "How can I configure the Exception Site List?": http://www.java.com/en/download/faq/exception_sitelist.xml

  • Java.security.AccessControlException: access denied (java.util.PropertyPerm

    Hi All,
    I try to run an applet from a Solaris 8 server on some client machine using IE5 and Netscape 6.2 (I installed JRE 1.4, I also tried other JRE versions) but I get the following errors again and again,
    I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
    could somebody please help or give me a hint how should I start tracing what the problem might be ?
    this applet comes with Solaris Bandwidth Manager as a GUI administration tool (web-based); it is supposed to change the configurations remotely over the web. I assure there is no Solaris permission problem.
    I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
    i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
    java.lang.ExceptionInInitializerError
    at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
    at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
    at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
    at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
    at com.sun.ba.tool.baApplet.init(baApplet.java:46)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
    ... 7 more
    any help would be appreciated so much.
    thanks
    mehmad

    I don't know, but it may be that an applet can only access the local machine, i.e. if you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to computer A. You would have to:
    1) Run an application on computer A and the applet would tell the application what to change.
    2) Maybe sign the applet in a JAR file
    You will probably have to do #1.
    US101

  • Java.security.AccessControlException: access denied (java.util.PropertyPer

    Hi All,
    I try to run an applet from a Solaris 8 server on some client machine using IE5 and Netscape 6.2 (I installed JRE 1.4, I also tried other JRE versions) but I get the following errors again and again,
    I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
    could somebody please help or give me a hint how should I start tracing what the problem might be ?
    this applet comes with Solaris Bandwidth Manager as a GUI administration tool (web-based); it is supposed to change the configurations remotely over the web. I assure there is no Solaris permission problem.
    I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
    i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
    java.lang.ExceptionInInitializerError
         at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
         at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
         at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
         at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
         at com.sun.ba.tool.baApplet.init(baApplet.java:46)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
         ... 7 more
    Any help would be appreciated so much.
    thanks
    mehmad

    Hi,
    Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security. There you make the changes in the property which gives you the error. See if this helps.
    regards vickyk
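
The denial in the trace above names the exact permission that was refused, so a policy entry can grant only that permission instead of java.security.AllPermission. The script below is an added example, not code from the thread or from Sun: it reads AccessControlException lines and prints a least-privilege grant block; the function names and the codeBase URL are assumptions (the URL is a placeholder for wherever the applet is served from).

```python
import re

# Matches the denial text in both styles: old JDKs print
#   access denied (java.util.PropertyPermission console read)
# while later JDKs wrap each field in double quotes.
DENIED = re.compile(r'access denied \((.+?)\)\s*$')

def parse_denial(line):
    """Return (permission_class, target, actions) or None for other lines."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    quoted = re.findall(r'"([^"]*)"', body)
    fields = quoted if quoted else body.split()
    if len(fields) < 2:
        return None
    cls, rest = fields[0], fields[1:]
    if quoted or len(rest) == 1:
        return cls, rest[0], rest[1] if len(rest) > 1 else ""
    # Unquoted style: the last token is the action list, the rest is the target.
    return cls, " ".join(rest[:-1]), rest[-1]

def build_grant(trace, code_base):
    """Emit one grant block listing only the permissions the trace shows denied."""
    perms = []
    for line in trace.splitlines():
        p = parse_denial(line)
        if p and p not in perms:
            perms.append(p)
    if not perms:
        return ""
    out = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in perms:
        target = target.replace("\\", "\\\\")  # policy files treat \ as an escape
        entry = '    permission %s "%s"' % (cls, target)
        out.append(entry + (', "%s";' % actions if actions else ";"))
    out.append("};")
    return "\n".join(out)

# First three lines are taken from the trace in the post; the last is a
# constructed line in the quoted style, included to show de-duplication.
SAMPLE = """java.lang.ExceptionInInitializerError
     at com.sun.ba.tool.baApplet.init(baApplet.java:46)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "console" "read")"""

if __name__ == "__main__":
    # Placeholder codeBase (assumption): use the URL the applet is served from.
    print(build_grant(SAMPLE, "http://applet-host.example/-"))
```

Each run surfaces only the first denial the code hit, so the trace usually has to be collected again after adding an entry until the applet starts cleanly.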
