Java Security Model: Java Protection Domains

1.     Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets. A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ASCII, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o     Configurable policies -- no longer is the security policy hard-coded into the application.
o     Flexible policies -- Since the policy is configurable, system administrators can enforce global policies for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, a developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2.     X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3.     Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4.     Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example:
cd D:\EicherProject\EicherWEB\Web Content
jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive "TeleVote.jar":
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days 365 -key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem -CAcreateserial
However, our test root CA has to be imported to the keystore of voter's web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
• It should be computationally infeasible to find two messages that hash to the same value.
• The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
• Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
• The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh Vishwakarma
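
The protection-domain and access-decision description in the post above, as an added example (not part of the original post and not JDK or CyberVote code): a domain is built from a CodeSource, receives a fixed bag of permissions from a stand-in policy, and is then asked whether it implies a request. The CheckBookPermission matching rule, the file:/opt/bank and file:/tmp/downloaded locations, and the account names are assumptions made for illustration; the code sources are unsigned, so only the location attribute is exercised.

```java
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Set;
import java.util.TreeSet;

public class ProtectionDomainDemo {

    /** Hypothetical application-defined permission: name = account id or "*", actions = read/write. */
    static final class CheckBookPermission extends Permission {
        private final Set<String> actions = new TreeSet<>();

        CheckBookPermission(String account, String actionList) {
            super(account);
            for (String a : actionList.split(",")) {
                actions.add(a.trim().toLowerCase());
            }
        }

        /** The method the system invokes to decide: does this grant cover the request? */
        @Override
        public boolean implies(Permission requested) {
            if (!(requested instanceof CheckBookPermission)) {
                return false;
            }
            CheckBookPermission req = (CheckBookPermission) requested;
            boolean accountMatches = getName().equals("*") || getName().equals(req.getName());
            return accountMatches && actions.containsAll(req.actions);
        }

        @Override public String getActions() { return String.join(",", actions); }

        @Override public boolean equals(Object o) {
            return o instanceof CheckBookPermission
                    && getName().equals(((CheckBookPermission) o).getName())
                    && actions.equals(((CheckBookPermission) o).actions);
        }

        @Override public int hashCode() { return 31 * getName().hashCode() + actions.hashCode(); }
    }

    /** Stand-in for the policy: one grant entry keyed on location (constructed path, no signer). */
    static Permissions bagFor(CodeSource code) throws Exception {
        URL grantLocation = URI.create("file:/opt/bank/-").toURL(); // "-" = directory, recursively
        CodeSource grantEntry = new CodeSource(grantLocation, (Certificate[]) null);
        Permissions bag = new Permissions();
        if (grantEntry.implies(code)) {
            bag.add(new CheckBookPermission("acct-1001", "read,write"));
        }
        return bag; // empty bag: every request from this code is denied
    }

    /** A domain is created from signer/location; this constructor fixes its bag (static permissions). */
    static ProtectionDomain domainFor(String location) throws Exception {
        CodeSource code = new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
        return new ProtectionDomain(code, bagFor(code));
    }

    public static void main(String[] args) throws Exception {
        ProtectionDomain teller = domainFor("file:/opt/bank/teller.jar");
        ProtectionDomain applet = domainFor("file:/tmp/downloaded/applet.jar");

        Permission readOwn = new CheckBookPermission("acct-1001", "read");
        Permission writeOther = new CheckBookPermission("acct-2002", "write");

        // Access decision: granted only if the request matches a permission in the bag.
        System.out.println("teller read  acct-1001: " + teller.implies(readOwn));
        System.out.println("teller write acct-2002: " + teller.implies(writeOther));
        System.out.println("applet read  acct-1001: " + applet.implies(readOwn));

        // The domain the class loader actually assigned to this class when it was loaded.
        System.out.println("this class loaded from: "
                + ProtectionDomainDemo.class.getProtectionDomain().getCodeSource());
    }
}
```

CheckBookPermission extends Permission rather than BasicPermission so that Permissions falls back to calling implies() on each stored permission; the collection BasicPermission supplies matches on name only and would ignore the read/write actions.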

Hi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team).

Similar Messages

  • Java Security Model for Web Application Security

    Hi,
    Any one can tell me about Java Security model used in web site protection. what are the API's used to implement this model on Websites.
    I am keen to know only about the Authentication and Authorization security.
    Thanks,
    Vivek

    Hi Ram, thanks for reply. I appreciate your comments.
    This is a very interesting topic because we need to know how much flexibility we have in order to apply security policies to our services. After all, SOA is about flexibility (with appropriate level of control), isn't it? :-P
    Option 1 (WSDL files) is a reasonable one. We could create "views" of the same service using ESB. But I'm concerned if this approach ("Security Oriented Views" of a service) can lead to difficulties in operational governance and appropriate discovery and reuse of the service.
    Option 2 is also something to be concerned, as we could end up designing "Security Oriented Architecture" :-P
    Option 3 (Customization through OAM) is also reasonable, but I don't know if this is really possible to achieve since OAM is mostly related to web resources. It would be nice if we had a chance to implement this in WSM instead.
    Denis

  • Keytool error: java.security.KeyStoreException: java.lang.ClassCastExceptio

    hi,
    plz tell me to rectify this error when i tried to create genkey using bouncy castle provider.
    "keytool error: java.security.KeyStoreException: java.lang.ClassCastException"
    Million thks for u
    regs
    kathir

    hi eugen ,
    Thanks for ur reply to my qusn in Java forum.Iam sending the command line
    which i've used.Kindly check it and plz tell me a soln.Thank u
    have a nice day
    Kathiravan
    D:\certificate>keytool -genkey -alias testBouncy -keystore bouncystore
    Enter keystore password: bouncypwd
    What is your first and last name?
    [Unknown]: Kathiravan
    What is the name of your organizational unit?
    [Unknown]: ORG
    What is the name of your organization?
    [Unknown]: MyOrg
    What is the name of your City or Locality?
    [Unknown]: Chennai
    What is the name of your State or Province?
    [Unknown]: TN
    What is the two-letter country code for this unit?
    [Unknown]: IN
    Is <CN=Kathiravan, OU=ORG, O=MyOrg, L=Chennai, ST=TN, C=IN> correct?
    [no]: Yes
    Enter key password for <testBouncy>
    (RETURN if same as keystore password): bouncykey
    keytool error: java.security.KeyStoreException:
    java.lang.ClassCastException: org.bouncycastle.jce.X509Principal
    I think this is the probm of BouncyCastle provider(i've used both version of Bouncycastle provider ,same probm coming)

  • Migrate to the Java 2 security model

    Hi, I've tried to use signed applets but I always get the following message:
    Java (TM) Plug-in: Version 1.3.1_02
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    I'm using IExplorer 5.5 with the Java Plug-In 1.3.1_02.
    What does it mean 'migrate to the Java 2 security model'?
    How can I migrate?
    thanks in advance.

    So you mean your applet is working in Netscape 6.2 after editing prefs.js. In that case, one possible solution is take away the support of netscape.security.* in your applet . Because netscape.* packages 'might' use the Netscape Security model, which is no longer supported(check out). Hence the system asks you to migrate to the current java security model. Even if you remove the netscape.* support, your applet will work, if you have signed it properly. In that case, you don't have to touch prefs.js or java.policy or anything from your client machine.(provided you use standard certificates like verisign).
    Since you have only class file of the applet and not the source, decompile the class file and make the alteration and compile it back. A decompiler Jad is available here http://midlet.org/jsp/category.jsp?parentLevel=137.
    Let me know if this has helped you.
    Rajesh

  • Entry in java.security NOT WORKING

    :this runs fine:
    c:\java -Djava.secuirty.manager -Djava.security.policy=pol.policy Abc
    :this fails:
    (entered
    "policy.url.3=file:/C:/sgupta/pol.policy"
    in j2sdk1.4.1_01\jre\lib\security\java.security
    c:\java -Djava.secuirty.manager -Djava.security.policy=pol.policy Abc
    WHY DOES THIS FAIL????(.java,.class,.policy all in c:\sgupta)
    import java.util.Properties;
    class Abc {
        public static void main (String args[]) {
            System.out.println("java.home " + System.getProperty("java.home"));
        }
    }

    I think == sign uses policy file, which you specified and = adds entry into the default policy file.
    Good luck,
    --n

  • For a signed applet am getting java.security.PrivilegedActionException:

    I have a signed applet,now for testing it's a self signed applet.
    It used for adding files using JFilechooser.
    It works fine in my machine with JRE version 1.5.0_12 .
    In other machines having jre version with 1.5 onwards it's working fine.
    But one problem am facing now is ,whenever we call a method in applet
    through javascript it is giving security error . This problem comes only when the applet is running in some other machine having a diff jre (in that system the applet loads well,problem comes only when we access any applet method from a javascript).
    Is it due to the diff of java enabled in javascript (at client browser) and in applet (when compiled and created the signed jar )
    below shows part of the error.
    java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
    Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
    ... 4 more
    Caused by: java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\dnixon\My Documents\photos\astro1.jpg read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkRead(Unknown Source)
    at java.io.File.exists(Unknown Source)
    Please any one help.
    thanks in advance
    It's very urgent

    [http://forums.sun.com/thread.jspa?forumID=421&threadID=5308353]

  • Protection Domains with static permissions are improperly constructed

    I'm pretty new to the java security model, but this doesn't look right. It seems as though ProtectionDomains with static permissions have semantically different functionality than those that are constructed with the "variant" constructor(CodeSource, PermissionCollection, ClassLoader, Principal[]). The documentation enforces this idea "The only permissions granted to this domain are the ones specified; the current Policy will not be consulted". Why then are the ProtectionDomains reconstructed improperly in combine(ProtectionDomain[], ProtectionDomain[]) method of the javax.security.auth.SubjectDomainCombiner? The wrong constructor is being called.
    The reason the SubjectDomainCombiner is reconstructing these improperly is because it only uses the second form of the ProtectionDomain constructor. In my case the SubjectDomainCombiner is reconstructing a ProtectionDomain that was constructed with the first form. Basically this means that the staticPermissions variable in my ProtectionDomain changes from true to false. Then when it's time to call the implies(Permission) method it consults the current policy instead of ONLY using static permissions.
    This is causing havoc with my custom classloader because I don't want the security manager checking the current Policy for permissions. I only want the ProtectionDomain's static permissions. Bug 4687166 also deals with combiners improperly constructing ProtectionDomains, but it is NOT a duplicate.
    Now this means I'm going to have to extend the Policy class to get around this problem. Something isn't right, if it's me, please let me know.

    interesting - if i follow what you're saying, you expect SubjectDomainCombiner to inspect the input ProtectionDomains. if one was constructed with "static" permissions, do you expect SubjectDomainCombiner to create a new ProtectionDomain with the additional Principal info, while retaining the static permissions?
    or do you expect SubjectDomainCombiner to just leave that ProtectionDomain alone - in particular, do not update it with Principal info since it won't affect the permissions granted to that domain anyways?
    either is an interesting change to contemplate, and is a technical possibility for SubjectDomainCombiner (since it is J2SE code). however, to come up with a true solution available to any custom DomainCombiner would probably require public API changes to ProtectionDomain.

  • Disable IO in java app (not java -D)

    I don't want any program to be allowed anything more than a standard applet except when it is specified in a policy.
    The code (posted below) listens to my policy file when run as an applet but ignores the java.security and java.policy when started with java.
    The command "java test" gives me no exceptions at all, the default (I guess) is to allow java apps to do what they want.
    So my question is can I set the security or policy so it won't allow anything unless specified in a policy file?
    import java.util.Properties;
    import java.applet.Applet;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    public class test extends Applet implements Runnable {
        public test() {
            new Thread(this).start();
        }
        public static void main(String argv1[]) {
            new test();
        }
        public void run() {
            try {
                // Reading system properties needs PropertyPermission under a policy
                System.out.println("java.home is: " + System.getProperty("java.home"));
                System.out.println("user.home is: " + System.getProperty("user.home"));
                // Writing and reading a file needs FilePermission under a policy
                File fle = new File(System.getProperty("user.home") + System.getProperty("file.separator") + "sometext.txt");
                FileOutputStream outFile = new FileOutputStream(fle);
                outFile.write("hello, this is written by Java".getBytes());
                outFile.close();
                FileInputStream inFile = new FileInputStream(fle);
                int b = inFile.read();
                while (b != -1) {
                    System.out.print((char) b);
                    b = inFile.read();
                }
                inFile.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    // java.security:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    security.provider.3=com.sun.rsajca.Provider
    security.provider.4=com.sun.crypto.provider.SunJCE
    security.provider.5=sun.security.jgss.SunProvider
    securerandom.source=file:/dev/random
    login.configuration.provider=com.sun.security.auth.login.ConfigFile
    policy.provider=sun.security.provider.PolicyFile
    policy.url.1=file:${java.home}/lib/security/java.policy
    # the following line gives me an opportunity to give special privs to programs and applets
    # policy.url.2=file:${java.home}/lib/security/localApplet.policy
    # don't want to allow the user to change policy
    # policy.allowSystemProperty=true
    policy.expandProperties=true
    policy.ignoreIdentityScope=false
    keystore.type=jks
    system.scope=sun.security.provider.IdentityDatabase
    package.access=sun.
    ssl.KeyManagerFactory.algorithm=SunX509
    ssl.TrustManagerFactory.algorithm=SunX509
    networkaddress.cache.negative.ttl=10
    java.policy:
    // you guessed correct thisone is empty

    Thanx for taking the time to respond.
    Sorry, I see my previous post was wrong. The code is OK but the java.policy looks like this:
    // Standard extensions get all permissions by default
    //grant codeBase "file:${java.home}/lib/ext/*" {
    //     permission java.security.AllPermission;
    // default permissions granted to all domains
    grant {
         permission java.lang.RuntimePermission "usePolicy";
    };
    The usePolicy means that applets always use policy to see what permissions they have.
    Compiled test.class and made a html file container:
    <applet code="test.class" width="100" height="100"></applet>
    When I run: appletviewer test.htm
    Sure enough I get a security exception:
    java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)
    when I run the same code like this:
    java test.class there is no exception at all, I was wondering how can I force all classes to use policy?
    I think you can set your applications security manager to anything you
    want.
    If you can work out the Applets security manager class, you should be
    able to instantiate it and set it for your application.
    I didn't work out the Applets security manager if you are referring to: security.provider.1=sun.security.provider.Sun in the java.security.
    I just configured the policy.
    Sorry for the wrong info in my previous post that might have you thinking I rewrote/subclassed the security provider.
    http://java.sun.com/docs/books/tutorial/security1.2/tour2/step2.html
    Tells me how to use -D but there is nothing on always forcing policy on any class.

  • Please Migrate to the java 2 Security Model.

    HI, this is my first post BTW, I don't know much about Java its just that when i try to access my work from home(united Airlines). It was working fine until i had to format My hd and since u can no longer download java from the microsoft site i had to come here to download the newer version and haven't been able to access it since. Is there a site or anywhere that i can download the old version perhaps or get this one to work? when i try to login i get this Error in the Java Console:
    ipsNetletStatus.init()
    Netlet Starting (16)
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet found Netscape
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netlet config: https://gw-r5.airline.compuserve.com:443/http://as-r5.airline.compuserve.com:8080/NetletConfig?func=loadResources
    ipsNetletStatus.start()
    ...ipsNetletStatus.run() is starting
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    netscape.javascript.JSException: Failure to evaluate netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead");navigator.preference("network.proxy.ssl");
    at sun.plugin.javascript.ocx.JSObject.eval(Unknown Source)
    at BrowserProxyInfo.<init>(BrowserProxyInfo.java:58)
    at SServer.loadParameters(SServer.java:140)
    at SServer.start(SServer.java:111)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Look at this thread http://forum.java.sun.com/thread.jsp?forum=31&thread=297109
    and search the Forums using the term "java 2 security model" (include the quote marks)

  • Migrate to the Java 2 security model instead...

    Since I installed Java 4 ver 1.4 on my computer, I have not been able to access my homebanking. In the Java console I get the following message:
    1.4.0 on Windows XP
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead.
    What does it mean, and how do I fix the problem???
    Thanks in advance!

    This is a real pain. I can't roll out Java 1.4 inside our company because we use several applets for which we do not have the source code, and they no longer work because of this limitation. Sun needs to fix this if they want people to upgrade to Java 1.4.

  • Netscape vs. Java 2 Security model

    Hi, new user here, downloaded and installed Java Virtual Machine plug-in, 1.4.2-b28, Wednesday evening. Added Java capability to IE 6.0.28. Running XP.
    Encountered a problem with a URL that had worked with Microsoft VM on another machine on my home network. Found the Java Console, which gave the following message: "Netscape security model is no longer supported. Please migrate to the Java 2 security model instead."
    Questions:
    1) Might this be the source of the problem I encountered?
    2) Is the Java 2 security model something I have to download, or is it some setting in IE?
    3) If this isn't the right forum for this question, which one is?
    That is, how do I "migrate" to Java 2, and why would I be using a Netscape Security model with the latest version of IE?
    I am not a developer, just a frustrated consumer!
    Warmest regards

    dear sir
    I am having the same problem as yours did you find a solution for this problem
    Thanks & best regards

  • Java 2 vs. Netscape security model

    Hi, new user here, downloaded and installed Java Virtual Machine plug-in, 1.4.2-b28, Wednesday evening. Added Java capability to IE 6.0.28. Running XP.
    Encountered a problem with a URL that had worked with Microsoft VM on another machine on my home network. Found the Java Console, which gave the following message: "Netscape security model is no longer supported. Please migrate to the Java 2 security model instead."
    Questions:
    1) Might this be the source of the problem I encountered?
    2) Is the Java 2 security model something I have to download, or is it some setting in IE?
    3) If this isn't the right forum for this question, which one is?
    That is, how do I "migrate"?
    I am not a developer, just a frustrated consumer!
    Warmest regards

    dear sir
    I am having the same problem as yours did you find a solution for this problem
    Thanks & best regards

  • Java 2 security model

    I started an applet once, I selected "Grant always", and afterwards every time I try to start the applet I get the error message:
    Netscape security model is no longer supported.
    Please migrate to the Java 2 security model instead
    How should I bypass the error?

    try:
    http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
    regards

    Thanks for your reply, but it seems too complicated to me. How may I overcome the problem?
    Regards,

  • Java 1.2 security model exitVM permission not respected

    Hi all,
    I am trying to configure a jvm to run class files in a very restricted
    sandbox. I created a policy file (xmud.policy) that allowed minimal
    permissions and then executed the jvm with the following command:
    java -Djava.security.manager -Djava.security.policy==xmud.policy org.xmud.test.hello
    The program hello.java executed a System.exit(1).
    Although the file xmud.policy does not grant exitVM permission to the
    application, it can exit with no problems. If I run the program with:
    -Djava.security.debug=access
    I can see that access is granted for exitVM with no problem.
    The only way to disallow exitVM is to subclass SecurityManager and have
    my custom class throw an exception on checkExit.
    Shouldn't the policy file disallow exitVM with the default Security Manager?
    I get the same problem with getClassLoader.
    The policy file is:
    grant codeBase "file:/e:/corba_projects_exe/-" {
        permission java.util.PropertyPermission "java.io.tmpdir", "read";
        permission java.io.FilePermission "e:\\-", "read, write, delete, execute";
    };
    Thanks

    From the jdk1.4 API documentation for java.lang.RuntimePermission the following can be found:
    "Note: The "exitVM" permission is automatically granted to all code loaded from the application class path, thus enabling applications to terminate themselves."
    I hope that helps.
    /Hans
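
The workaround the question mentions (a SecurityManager subclass that throws in checkExit), as an added example that is not code from the thread. The class name NoExitSecurityManager and the helper attempt() are hypothetical. It assumes a JDK on which the Security Manager can still be installed at run time (the default through Java 17) and the JDK's default policy file.

```java
// Added example, not code from the thread. NoExitSecurityManager is a hypothetical name.
// Assumes a JDK where System.setSecurityManager is still permitted (default through Java 17).
public class NoExitSecurityManager extends SecurityManager {

    // The inherited checkExit() asks the policy for the "exitVM" RuntimePermission,
    // which code loaded from the application class path holds automatically.
    // Refuse here without consulting the policy at all.
    @Override
    public void checkExit(int status) {
        throw new SecurityException("exit(" + status + ") denied by NoExitSecurityManager");
    }

    // Every other checkXxx method is inherited, so the policy in effect still decides it.

    // Run an action and report whether the security manager let it through.
    static String attempt(Runnable action) {
        try {
            action.run();
            return "allowed";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitSecurityManager());

        // Denied by the override, even though this class comes from the class path.
        System.out.println("System.exit(1):    " + attempt(() -> System.exit(1)));

        // Not granted by the default policy file: the inherited, policy-based check denies it.
        System.out.println("read user.home:    " + attempt(() -> System.getProperty("user.home")));

        // Granted to all code by the default policy file: still allowed.
        System.out.println("read java.version: " + attempt(() -> System.getProperty("java.version")));
    }
}
```

To combine it with a policy file such as the one in the question, name the class on the command line with -Djava.security.manager=NoExitSecurityManager instead of installing it from main().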

  • Java Security (JAAS)

    Hi!
    I created a login module using Java security (JAAS). In it, the 'logout' link works properly on the client side, but it does not work on the server side.
    It gives the following exception in the browser.
    The requested URL could not be retrieved
    While trying to retrieve the URL: http://herring.bostednt.com:7778/nstar/EELoginAction.do
    The following error was encountered:
    Unable to determine IP address from host name for herring.bostednt.com
    The dnsserver returned:
    Name Error: The domain name does not exist.
    This means that:
    The cache was not able to resolve the hostname presented in the URL.
    Check if the address is correct.
    Your cache administrator is root.
    http://herring.bostednt.com:7778 ---->> This is the server URL.
    Please help me solve this.

    As a test, try hard-coding the IP address instead of the hostname.
