Java & security/Privacy Problem

Hello
wonder if you could help or give advice
(An idiots answer for a idiot like me is prefered)
when using a fully Anonymous proxy even with
(Cookie via java script:;Private )
web Browser and sun java shows your real IP in java ip
fetch scripts and makes direct connect to your private box
{For Example:}
http://www.rental-web.com/~azuma/cgi-bin/env.cgi
yet Internet Explorer and MS-Java with the same webpage and
the same proxy loads the applet but blocks the ip fetch
and just shows "UnKnown" in the java applet
is there anyway of altering the sun java install to give
the same security/privacy ?
Hope You can help as i would like use sun java
but this one small thing is putting me off as my firewall probes
with scripted webpages is annoying
Thanks
Dig

Or can i maybe edit the sun java install so all java
traffic is forced via the proxy ?
instead of it being able to circumnavigate the proxy
as it is now
pointless trying to secure your box if the backdoor
is left open

Similar Messages

A Java security or permissions problem?

First of all, I don't know much about Java, even its naming and version numbering nomenclature, and second, if there is a better group to ask this in, please let me know.
System is Mac with 10.4.4. I have Java 1.3.1, 1.4.2, and J2SE 5.0 (1.5.0) installed. The Java preferences application lets me choose J2SE 5 or 1.4.2 to run applets via a browser. The problem happens in both settings.
The problem is that we have a printer that serves a little Java-based management application to view history and otherwise manage it. When I hit the IP, I get the Java coffee cup for a few moments, then a blank area. It fails in both Safari and Internet Explorer.
I'm pretty sure this used to work in OS X 10.4.3. It works from Windows which has runtime 1.4.something.
In the Java console, I get the following. (I've snipped some lines.)
========================================
Java Plug-in 1.5.0
Using JRE version 1.5.0_05 Java HotSpot(TM) Client VM
User home directory = /Users/timmurray
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.com.apple.mrj)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264 )
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
<snipped 22 similar lines>
Exception in thread "Thread-17" java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(GrayBoxPainter.java:153)
at sun.plugin.AppletViewer.showAppletException(AppletViewer.java:1968)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:664)
at sun.applet.AppletPanel.run(AppletPanel.java:320)
at java.lang.Thread.run(Thread.java:613)
java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(GrayBoxPainter.java:153)
at sun.plugin.AppletViewer.showAppletStatus(AppletViewer.java:1898)
at sun.applet.AppletPanel.run(AppletPanel.java:365)
at java.lang.Thread.run(Thread.java:613)
Exception in thread "thread
applet-com.efi.appls.webtools.WebToolsApplet.class"
java.lang.NullPointerException
at sun.plugin.util.GrayBoxPainter.showLoadingError(GrayBoxPainter.java:153)
at sun.plugin.AppletViewer.showAppletException(AppletViewer.java:1968)
at sun.applet.AppletPanel.run(AppletPanel.java:529)
at java.lang.Thread.run(Thread.java:613)
========================================
This appears like a permissions problem, but I've fixed permissions several times.
Any idea what the problem is, and is it fixable from my end?

Problem has finally -- over a year later -- just gone away.

Sun Java security problems

Please any one tel me about Sun Java security problems
with Desktop application

Hi.
If you're using SSGD 4.41, please download the Admin guide from here:
http://docs.sun.com/app/docs/doc/820-4907
There, at page #41 you'll find useful info concerning "Client Connections and Security Warnings".
Hope this helps,
Rob

Installation problem: "Java Security Configuration Asistant" failed

Hello, does anybody can help for the following installation problem of Oracle Enterprise Manager 10g:
During installation, when I come to the step "Configuration Asistants", the "Java Security Configuration Asistant" can not pass, it always failed even after retry. Pls help!!!

I'm having the same problem installing on W2K, what I discovered is that it's unable to start listener, I hat to start it manually but it still won't end tihs task.
I also have a 9i Client / Manager software installed in a 9i Home which disapeared from home selector.
If I try to deinstall OEM10G it'll just get to a 2% advance and stop...
...is this a BETA?

Urgent help java security problem

hi,
i am trying to run simple message example in tahiti but all the time i got this error:
java.security.AccessControlException: acces denied (com.ibm.aglets.security.contextPermission atp://mycomputername:4434/@ReplyChild create) java.lang.NullPointerException
please i have to submit this code iknow it is right but what is the problem??why i am getting this error??please help

Well what you are doing is trying to access a local file from an Applet, an operation that won't be permitted by the default applet security model.
I guess what you want is to fetch the file from a directory related to the path of the applet classes. To do this you need to use the URL class and the associated constructors of the ImageIcon class. To form the URL to the image file:
String fileName="warning.gif";
URL codeBase= this.getCodeBase();
URL imageURL= new URL(codeBase, fileName);
ImageIcon warning = new ImageIcon(imageURL);

Installation Problem --- Stuck at "Java Security Configuration Assistant"

When installing Oracle BI 10g, the procedure stuck at "Java Security Configuration Assistant"
Output generated from configuration assistant "Java Security Configuration Assistant":
Invoking command:C:\OraHome_1\dcm\bin\dcmctl.bat resyncInstance
OS: Windows 2003 Ent. (SP1)
Memory: 1G
Does anybody knows the reason? and solve
Thanks,

Hello,
just to keep you inform.
I put that project on the side for a while... But this morning, I tried Branislav recommendation.
So, I completely uninstall my McAffe Firewall and reboot the computer.
After that, I completely re-install the application server and everything work fine. It only took around 2-3 seconds to do the resyncinstance and updateconfig, compare to 3 hours the last time just for the resyncinstance. Total time for the infrastructure installation was around 1 hour.
Like Branislav said, only stopping the McAfee Firewall was not enough.
Thanks

Java Webstart application problem with TLS certificate revocation checks (Java 1.7.0_76)

We have a problem with our Java Web Start Application regarding the TLS certificate revocation check:
The application is running on a server within a wide area network which is separated from the internet.
The application users have access to the WAN, and also access to the internet over some corporate proxy/firewall.
The user has to enter, for example "https://my-site.de/myapp/ma.jnlp" within a webbrowser or could also call "javaws https://my-site.de/myapp/ma.jnlp" to start the application client.
The webserver has a certificate from a trusted certificate authority. This certificate seems to be ok, the browser is even configured to perform OCSP status check.
The application files are signed with a certificate from another trusted certificate authority. This certificate seems also to be ok. Regarding this certificate there
are no problems with certificate revocation checks.
The problem is, while starting the application client there is a message box which tell us something like "the connection to this website ist not trustworthy",
"Website: https://my-site.de:80", and something about an invalid certificate, meaning the webserver certificate.
Obviously the jvm runtime, which is executed on the users workstation, tries to perform a revocation check for the webservers certificate, but this fails because
it cannot fetch the certificate under https://my-site.de:80.
The application will execute without further problems after that message but the users are very concerned about the "invalid" certificate, so here are my questions:
- Why is the application trying to get the webserver certificate over Port 80. Our application developers told me, there is no corresponding statement. Calling this address
has to fail while "https://my-site.de:443" or "https://my-site.de" would not have a problem.
- Is there a way to make the application go on without performing a tls revocation check? I mean, by adjusting the application sourcecode and not by configuring the users Java Control Panel.
While disabling the TLS Certificate Revocation check in the Java Control Panel, the Webstart Application executes without a warning message, but this is not a workable solution for
our users.
It would be great if someone can help me with a hint so i can send our developers into the right direction;-)
Many thanks!
This is a part from a java console output after calling "javaws -verbose https://my-site.de/myapp/"
(sorry for this is in german... and also my english above)
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
security: OCSP Response: GOOD
network: Verbindung von http://ocsp.serverpass.telesec.de/ocspr mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
security: UNAUTHORIZED
security: Failing over to CRLs: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
network: Cacheeintrag gefunden [URL: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl, Version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl
cache: Resource http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl has expired.
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird hergestellt
network: ResponseCode für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: 200
network: Codierung für http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl: null
network: Verbindung mit http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl trennen
CacheEntry[http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl]: updateAvailable=true,lastModified=Tue Mar 24 10:50:01 CET 2015,length=53241
network: Verbindung von http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl mit Proxy=HTTP @ internet-proxy.***:80 wird
network: Verbindung von socket://ldap.serverpass.telesec.de:389 mit Proxy=DIRECT wird hergestellt
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
    at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 35 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    at sun.security.provider.certpath.OCSP.check(Unknown Source)
    ... 36 more
security: Ungültiges Zertifikat vom HTTPS-Server
network: Cacheeintrag nicht gefunden [URL: https://my-site.de:80, Version: null]

Add the JSF Jars to the WEB-INF/lib directory of the application. If still getting error add to the CLASSPATH variable in the startWebLogic script in the domain/bin directory.

Error in weblogic7.0 :java.security.NoSuchAlgorithmException:

Hi All
thanks in advance.
i am facing a peculiar problem while using SunJce provider
i have some classes to encrypt& decrypt some information using
DeffieHellman protocol.
Problem 1
while i am running those classes in command prompts
some time it gives me correct results where as other time during decryption i am unable to get the plaintext (i am getting some junk character),where as some time it gives me Badpadding exception
I am using JDK1.3 which comes with weblogic and jce1.2.2
for classpath and path setting
set path=D:\bea\jdk131_03\bin
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
Problem 2
While i am using those classes in servlet and jsp which are deployed in weblogic 7
Some time i am getting correct results
but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import com.sun.crypto.provider.SunJCE;
public class DiffieHellmanKeyGeneRation {
PublicKey alicePubKey=null;
     PublicKey bobPubKey=null;
     KeyAgreement aliceKeyAgree =null;
     KeyAgreement bobKeyAgree =null;
* DiffieHellmanKeyGeneRation() constructor -Set the mode and call run method to generate Keypairs
* and assigns it to the instance variables .
* @param nil
* @returns nil
public DiffieHellmanKeyGeneRation(){
     try {
String mode = "GENERATE_DH_PARAMS";
               run(mode);
} catch (Exception e) {
System.err.println("Error: " + e);
System.exit(1);
* getAlicePubKey() -Return the Instance Variable alicePubKey
* @param nil
* @returns PublicKey
public PublicKey getAlicePubKey()
return alicePubKey;
* getBobPubKey() -Return the Instance Variable bobPubKey
* @param nil
* @returns PublicKey
public PublicKey getBobPubKey()
return bobPubKey;
* getAliceKeyAgree() -Return the Instance Variable aliceKeyAgree
* @param nil
* @returns KeyAgreement
     public KeyAgreement getAliceKeyAgree()
return aliceKeyAgree;
* getBobKeyAgree() -Return the Instance Variable bobKeyAgree
* @param nil
* @returns KeyAgreement
public KeyAgreement getBobKeyAgree()
return bobKeyAgree;
*run() method -Generate Algorithm instance,KeySpec,and keypair
* and assigns it to the instance variables .
* @param String
* @returns nil
private void run(String mode) throws Exception {
DHParameterSpec dhSkipParamSpec=null;
// System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
AlgorithmParameterGenerator paramGen=AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(512);
AlgorithmParameters params = paramGen.generateParameters();
dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
* Alice creates her own DH key pair, using the DH parameters from
* above
// System.out.println("ALICE: Generate DH keypair ...");
KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
// Alice creates and initializes her DH KeyAgreement object
// System.out.println("ALICE: Initialization ...");
aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKpair.getPrivate());
// Alice encodes her public key, and sends it over to Bob.
byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
* Let's turn over to Bob. Bob has received Alice's public key
* in encoded format.
* He instantiates a DH public key from the encoded key material.
KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
* Bob gets the DH parameters associated with Alice's public key.
* He must use the same parameters when he generates his own key
* pair.
DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
// Bob creates his own DH key pair
// System.out.println("BOB: Generate DH keypair ...");
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamSpec);
KeyPair bobKpair = bobKpairGen.generateKeyPair();
// Bob creates and initializes his DH KeyAgreement object
// System.out.println("BOB: Initialization ...");
bobKeyAgree = KeyAgreement.getInstance("DH");
bobKeyAgree.init(bobKpair.getPrivate());
// Bob encodes his public key, and sends it over to Alice.
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
* Alice uses Bob's public key for the first (and only) phase
* of her version of the DH
* protocol.
* Before she can do so, she has to instanticate a DH public key
* from Bob's encoded key material.
KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
2)
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import sun.misc.*;
import com.sun.crypto.provider.SunJCE;
public class DHEncryptDecrypt {
PublicKey alicePubKey=null;
     PublicKey bobPubKey=null;
     KeyAgreement aliceKeyAgree =null;
     KeyAgreement bobKeyAgree =null;
     SecretKey bobDesKey = null;
     SecretKey aliceDesKey =null;
* DHEncryptDecrypt constructor -it intancetiate DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variables .
* @param nil
* @returns nil
     public DHEncryptDecrypt()
          try{
          init();
     }catch(Exception e){e.printStackTrace();}
* init() -it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variable ds.
* @param nil
* @returns nil
private void init() throws Exception
     System.out.println("Initialising...");
               DiffieHellmanKeyGeneRation dhPubKey=new DiffieHellmanKeyGeneRation();
               alicePubKey=dhPubKey.getAlicePubKey();
               bobPubKey=dhPubKey.getBobPubKey();
aliceKeyAgree=dhPubKey.getAliceKeyAgree();
               bobKeyAgree=dhPubKey.getBobKeyAgree();
//System.out.println("ALICE: Execute PHASE1 ...");
aliceKeyAgree.doPhase(bobPubKey, true);
     * Bob uses Alice's public key for the first (and only) phase
     * of his version of the DH
     * protocol.
// System.out.println("BOB: Execute PHASE1 ...");
bobKeyAgree.doPhase(alicePubKey, true);
* At this stage, both Alice and Bob have completed the DH key
* agreement protocol.
* Both generate the (same) shared secret.
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
int aliceLen = aliceSharedSecret.length;
byte[] bobSharedSecret = new byte[aliceLen];
int bobLen;
/* try {
// show example of what happens if you
// provide an output buffer that is too short
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
} catch (ShortBufferException e) {
System.out.println(e.getMessage());
// provide output buffer of required size
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
          if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Shared secrets differ");
//System.out.println("Shared secrets are the same");
// System.out.println("Return shared secret as SecretKey object ...");
// Bob
// Note: The call to bobKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
bobKeyAgree.doPhase(alicePubKey, true);
bobDesKey = bobKeyAgree.generateSecret("DES");
// Alice
// Note: The call to aliceKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
aliceKeyAgree.doPhase(bobPubKey, true);
aliceDesKey = aliceKeyAgree.generateSecret("DES");
* encrypt() - Alice encrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
          public String encrypt(String ClearText) throws Exception
     String CipherText=null;
               try{
               // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
          Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
     aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
               byte[] cleartext = ClearText.getBytes();
               //System.out.println("cleartext Array:"+ cleartext.size);
               byte[] ciphertext = aliceCipher.doFinal(cleartext);
// BASE64Encoder b64e = new BASE64Encoder();
               //CipherText = b64e.encode(ciphertext);
               CipherText = new String(ciphertext);
               }catch(Exception e){e.printStackTrace();}
     return CipherText;
* encrypt() - Bob Decrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
public String decrypt(String CipherText) throws Exception
String Recovered=null;
     try{
          // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
// System.out.println("Length of String is:"+CipherText.length());
               Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
          bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
               byte[] CipherTextBytes=CipherText.getBytes();
byte[] recovered = bobCipher.doFinal(CipherTextBytes);
               Recovered=new String(recovered);
          // System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
}catch(Exception e){e.printStackTrace();}
     return Recovered;
and i am using following logic to encrypt and decrypt
String MyPlainText ="sm_user=residential&csol_account=383784";
//String MyPlainText ="This is my message";
     System.out.println("\nPlain Text:="+MyPlainText+"\n\n");
try{
     DHEncryptDecrypt ed=new DHEncryptDecrypt();
String CipherText=(ed.encrypt(MyPlainText));
               BASE64Encoder b64e = new BASE64Encoder();
               String CipherText1 = b64e.encode(CipherText.getBytes());
System.out.println("\n\nUserInfo="+CipherText1);
     String DecryptedMessage=ed.decrypt(CipherText);
System.out.println("\n\nDecrypedMessage=:"+DecryptedMessage);
     }catch(Exception e){e.printStackTrace();}
and my java.security file in D:\ bea\jdk131_03\jre\lib\security
is changed to add the provider as
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
security.provider.3=com.sun.rsajca.Provider
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
policy.provider=sun.security.provider.PolicyFile
Pls help me to resolve the magic shown by these classes.....some time right and some time worng
mainly i need help in
Badpadding Exception and NosuchAlogorithm exception in weblogic
Thanks
And regards
Arati

replace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
this should at least fix your "Badpadding exception" problem (it did fix it for me).

Can't open Security & Privacy preference pane?...please help.

Hi All,
I would be grateful if anyone could assist... I can't seem to open the security & privacy preference pane. I receive the following "Preferences Error" upon trying to click the icon in my system preferences:
First click: You can’t open Security & Privacy preferences because it doesn’t work on an Intel-based Mac.
Second click: Could not load Security & Privacy preference pane.
I noticed the issue this past week when I installed some monitor callibration software. After downloading, the software's interface text did not load (it was simply blank for the drop down menus). The manufacturer tried to help me by clearing font cache and such, but that was not the issue. When he next directed me to the S&P pane, that's when I noticed I couldn't open it to adjust anything.
* I did go into Users & Groups and created a new admin user. I was then able to open the Security & Privacy pane, and load the monitor calibration software without any problems, so it seems to be a user issue I suppose? Tried to trash some security preferences, reinstalled 10.8.2, but with no luck.
Thanks for your assistance!

Try booting into the Safe Mode. Shut down the computer and then power it back up. Immediately after hearing the startup chime, hold down the shift key and continue to hold it until the gray Apple icon and a progress bar appear. The boot up is significantly slower than normal. This does some maintenance routines and 3rd party applications don't load. Sometimes 3rd party applications are the problem. If your normal user account works in Safe Mode, it is probably a 3rd part application.
Safe Mode
Safe Mode - About
General information.
Isolating issues in Mac OS X
Troubleshooting Permission Issues
Step by Step to Fix Your Mac

Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.

I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
deployment.properties entries after addition of my jre entry:
#deployment.properties
#Fri Sep 28 14:09:24 PDT 2012
deployment.javapi.lifecycle.exception=true
deployment.trace=true
deployment.javaws.viewer.bounds=323,144,720,360
deployment.javaws.autodownload=NEVER
deployment.version=6.0
deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
deployment.security.mixcode=HIDE_RUN
deployment.log=true
deployment.console.startup.mode=SHOW
deployment.capture.mime.types=true
#Java Deployment jre's
#Fri Sep 28 14:09:24 PDT 2012
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.product=1.6.0_33
deployment.javaws.jre.0.osarch=x86
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=false
deployment.javaws.jre.0.args=
deployment.javaws.jre.1.enabled=true
deployment.javaws.jre.1.registered=true
deployment.javaws.jre.1.osname=Windows
deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.1.osarch=x86
deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.1.platform=1.6
deployment.javaws.jre.1.product=1.6.0_29
Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.

I'm having a similar problem and I think it is related with this.
If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
I have a method that handles the Java--->Javascript calls and goes something like this:
System.out.println("Calling Javascript...");
JSObject win = JSObject.getWindow(this);
win.call(jsEventHandler, new Object[] { json.toString() });
System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
Could you explain in more detail the queue based solution you found? Any other ideas?
Regards,
André Tavares.

How can i deal with java.security.AccessControlException?

Hi all, I need to implement JavaMail using Servlet and deploy throught J2EE deployment tool. But when i test out the servlet i will always encounter this exception thrown. How can i solve this?
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
This is the servlet i am testing. Please advise. Thanks in advance!
* @(#)JavaMailServlet.java 1.3 99/12/06
* Copyright 1998, 1999 Sun Microsystems, Inc. All Rights Reserved.
* This software is the proprietary information of Sun Microsystems, Inc.
* Use is subject to license terms.
import java.io.*;
import java.util.*;
import java.text.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;
* This is a servlet that demonstrates the use of JavaMail APIs
* in a 3-tier application. It allows the user to login to an
* IMAP store, list all the messages in the INBOX folder, view
* selected messages, compose and send a message, and logout.
* 
* Please note: This is NOT an example of how to write servlets!
* This is simply to show that JavaMail can be used in a servlet.
* 
* For more information on this servlet, see the
* JavaMailServlet.README.txt file.
* 
* For more information on servlets, see
* * http://java.sun.com/products/java-server/servlets/index.html
* @author Max Spivak
public class JavaMailServlet extends HttpServlet implements SingleThreadModel {
String protocol = "POP3";
String mbox = "INBOX";
* This method handles the "POST" submission from two forms: the
* login form and the message compose form. The login form has the
* following parameters: <code>hostname</code>, <code>username</code>,
* and <code>password</code>. The <code>send</code> parameter denotes
* that the method is processing the compose form submission.
public void doPost(HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
// get the session
 HttpSession ssn = req.getSession(true);
 String send = req.getParameter("send");
String host = req.getParameter("hostname");
String user = req.getParameter("username");
String passwd = req.getParameter("password");
URLName url = new URLName(protocol, host, -1, mbox, user, passwd);
ServletOutputStream out = res.getOutputStream();
 res.setContentType("text/html");
 out.println("<html><body bgcolor=\"#CCCCFF\">");
 if (send != null) {
 // process message sending
 send(req, res, out, ssn);
 } else {
 // initial login
 // create
 MailUserData mud = new MailUserData(url);
 ssn.putValue("javamailservlet", mud);
 try {
 Properties props = System.getProperties();
 System.out.println("url");
 props.put("mail.smtp.host", host);
 Session session = Session.getDefaultInstance(props, null);
 session.setDebug(false);
 Store store = session.getStore(url);
 store.connect();
 Folder folder = store.getDefaultFolder();
 if (folder == null)
 throw new MessagingException("No default folder");
 folder = folder.getFolder(mbox);
 if (folder == null)
 throw new MessagingException("Invalid folder");
 folder.open(Folder.READ_WRITE);
 int totalMessages = folder.getMessageCount();
 Message[] msgs = folder.getMessages();
 FetchProfile fp = new FetchProfile();
 fp.add(FetchProfile.Item.ENVELOPE);
 folder.fetch(msgs, fp);
 // track who logged in
 System.out.println("Login from: " + store.getURLName());
 // save stuff into MUD
 mud.setSession(session);
 mud.setStore(store);
 mud.setFolder(folder);
 // splash
 out.print("<center>");
 out.print("");
 out.println("Welcome to JavaMail!</center>");
 // folder table
 out.println("<table width=\"50%\" border=0 align=center>");
 // folder name column header
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("FolderName</td> ");
 // msg count column header
 out.print("<td width=\"25%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("Messages</td> ");
 out.println("</tr>");
 // folder name
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffff\">");
 out.print("<a href=\"" + HttpUtils.getRequestURL(req) + "\">" +
 "Inbox" + "</a></td> ");
 // msg count
 out.println("<td width=\"25%\" bgcolor=\"#ffffff\">" +
 totalMessages + "</td>");
 out.println("</tr>");
 out.println("</table");
 } catch (Exception ex) {
 out.println(ex.toString());
 } finally {
 out.println("</body></html>");
 out.close();
* This method handles the GET requests for the client.
public void doGet (HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
HttpSession ses = req.getSession(false); // before we write to out
ServletOutputStream out = res.getOutputStream();
 MailUserData mud = getMUD(ses);
 if (mud == null) {
 res.setContentType("text/html");
 out.println("<html><body>Please Login (no session)</body></html>");
 out.close();
 return;
 if (!mud.getStore().isConnected()) {
 res.setContentType("text/html");
 out.println("<html><body>Not Connected To Store</body></html>");
 out.close();
 return;
 // mux that takes a GET request, based on parameters figures
 // out what it should do, and routes it to the
 // appropriate method
 // get url parameters
 String msgStr = req.getParameter("message");
String logout = req.getParameter("logout");
 String compose = req.getParameter("compose");
 String part = req.getParameter("part");
 int msgNum = -1;
 int partNum = -1;
 // process url params
 if (msgStr != null) {
 // operate on message "msgStr"
 msgNum = Integer.parseInt(msgStr);
 if (part == null) {
 // display message "msgStr"
res.setContentType("text/html");
 displayMessage(mud, req, out, msgNum);
 } else if (part != null) {
 // display part "part" in message "msgStr"
 partNum = Integer.parseInt(part);
displayPart(mud, msgNum, partNum, out, res);
 } else if (compose != null) {
 // display compose form
 compose(mud, res, out);
} else if (logout != null) {
 // process logout
try {
mud.getFolder().close(false);
mud.getStore().close();
 ses.invalidate();
out.println("<html><body>Logged out OK</body></html>");
} catch (MessagingException mex) {
out.println(mex.toString());
 } else {
 // display headers
 displayHeaders(mud, req, out);
/* main method to display messages */
private void displayMessage(MailUserData mud, HttpServletRequest req,
 ServletOutputStream out, int msgNum)
 throws IOException {
 out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\">");
 out.print("<center>");
 out.println("Message " + (msgNum+1) + " in folder " +
 mud.getStore().getURLName() +
 "/INBOX</center>");
 try {
 Message msg = mud.getFolder().getMessage(msgNum);
 // first, display this message's headers
 displayMessageHeaders(mud, msg, out);
 // and now, handle the content
 Object o = msg.getContent();
 //if (o instanceof String) {
 if (msg.isMimeType("text/plain")) {
 out.println("<pre>");
 out.println((String)o);
 out.println("</pre>");
 //} else if (o instanceof Multipart){
 } else if (msg.isMimeType("multipart/*")) {
 Multipart mp = (Multipart)o;
 int cnt = mp.getCount();
 for (int i = 0; i < cnt; i++) {
 displayPart(mud, msgNum, mp.getBodyPart(i), i, req, out);
 } else {
 out.println(msg.getContentType());
 } catch (MessagingException mex) {
 out.println(mex.toString());
 out.println("</BODY></html>");
 out.close();
* This method displays a message part. <code>text/plain</code>
* content parts are displayed inline. For all other parts,
* a URL is generated and displayed; clicking on the URL
* brings up the part in a separate page.
private void displayPart(MailUserData mud, int msgNum, Part part,
 int partNum, HttpServletRequest req,
 ServletOutputStream out)
 throws IOException {
 if (partNum != 0)
 out.println("<hr>");
try {
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 if (partNum != 0)
 out.println("Attachment Type: " +
 ct.getBaseType() + " ");
 if (ct.match("text/plain")) {
 // display text/plain inline
 out.println("<pre>");
 out.println((String)part.getContent());
 out.println("</pre>");
 } else {
 // generate a url for this part
 String s;
 if ((s = part.getFileName()) != null)
 out.println("Filename: " + s + " ");
 s = null;
 if ((s = part.getDescription()) != null)
 out.println("Description: " + s + " ");
 out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?message=" +
 msgNum + "&part=" +
 partNum + "\">Display Attachment</a>");
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This method gets the stream from for a given msg part and
* pushes it out to the browser with the correct content type.
* Used to display attachments and relies on the browser's
* content handling capabilities.
private void displayPart(MailUserData mud, int msgNum,
 int partNum, ServletOutputStream out,
 HttpServletResponse res)
 throws IOException {
 Part part = null;
try {
 Message msg = mud.getFolder().getMessage(msgNum);
 Multipart mp = (Multipart)msg.getContent();
 part = mp.getBodyPart(partNum);
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 res.setContentType(ct.getBaseType());
 InputStream is = part.getInputStream();
 int i;
 while ((i = is.read()) != -1)
 out.write(i);
 out.flush();
 out.close();
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This is a utility message that pretty-prints the message
* headers for message that is being displayed.
private void displayMessageHeaders(MailUserData mud, Message msg,
 ServletOutputStream out)
 throws IOException {
 try {
 out.println("Date: " + msg.getSentDate() + " ");
Address[] fr = msg.getFrom();
if (fr != null) {
boolean tf = true;
out.print("From: ");
for (int i = 0; i < fr.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(fr));
tf = false;
out.println(" ");
Address[] to = msg.getRecipients(Message.RecipientType.TO);
if (to != null) {
boolean tf = true;
out.print("To: ");
for (int i = 0; i < to.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(to[i]));
tf = false;
out.println(" ");
Address[] cc = msg.getRecipients(Message.RecipientType.CC);
if (cc != null) {
boolean cf = true;
out.print("CC: ");
for (int i = 0; i < cc.length; i++) {
out.print(((cf) ? " " : ", ") + getDisplayAddress(cc[i]));
 cf = false;
out.println(" ");
 out.print("Subject: " +
 ((msg.getSubject() !=null) ? msg.getSubject() : "") +
 " ");
} catch (MessagingException mex) {
 out.println(msg.toString());
* This method displays the URL's for the available commands and the
* INBOX headerlist
private void displayHeaders(MailUserData mud,
 HttpServletRequest req,
ServletOutputStream out)
 throws IOException {
SimpleDateFormat df = new SimpleDateFormat("EE M/d/yy");
out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\"><hr>");
 out.print("<center>");
 out.println("Folder " + mud.getStore().getURLName() +
 "/INBOX</center>");
 // URL's for the commands that are available
 out.println("");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?logout=true\">Logout</a>");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?compose=true\" target=\"compose\">Compose</a>");
 out.println("");
 out.println("<hr>");
 // List headers in a table
out.print("<table cellpadding=1 cellspacing=1 "); // table
 out.println("width=\"100%\" border=1>"); // settings
 // sender column header
 out.println("<tr><td width=\"25%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Sender</td>");
 // date column header
 out.println("<td width=\"15%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Date</td>");
 // subject column header
 out.println("<td bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Subject</td></tr>");
 try {
 Folder f = mud.getFolder();
 int msgCount = f.getMessageCount();
 Message m = null;
 // for each message, show its headers
 for (int i = 1; i <= msgCount; i++) {
m = f.getMessage(i);
 // if message has the DELETED flag set, don't display it
 if (m.isSet(Flags.Flag.DELETED))
 continue;
 // from
out.println("<tr valigh=middle>");
out.print("<td width=\"25%\" bgcolor=\"ffffff\">");
 out.println("" +
 ((m.getFrom() != null) ?
 m.getFrom()[0].toString() :
 "" ) +
 "</td>");
 // date
out.print("<td nowrap width=\"15%\" bgcolor=\"ffffff\">");
 out.println("" +
df.format((m.getSentDate()!=null) ?
 m.getSentDate() : m.getReceivedDate()) +
 "</td>");
 // subject & link
out.print("<td bgcolor=\"ffffff\">");
 out.println("" +
 "<a href=\"" +
 HttpUtils.getRequestURL(req) +
"?message=" +
i + "\">" +
((m.getSubject() != null) ?
 m.getSubject() :
 "No Subject") +
"</a>" +
"</td>");
out.println("</tr>");
 } catch (MessagingException mex) {
 out.println("<tr><td>" + mex.toString() + "</td></tr>");
 mex.printStackTrace();
 out.println("</table>");
 out.println("</BODY></html>");
 out.flush();
 out.close();
* This method handles the request when the user hits the
* Compose link. It send the compose form to the browser.
private void compose(MailUserData mud, HttpServletResponse res,
 ServletOutputStream out)
 throws IOException {
 res.setContentType("text/html");
 out.println(composeForm);
 out.close();
* This method processes the send request from the compose form
private void send(HttpServletRequest req, HttpServletResponse res,
 ServletOutputStream out, HttpSession ssn)
 throws IOException {
String to = req.getParameter("to");
 String cc = req.getParameter("cc");
 String subj = req.getParameter("subject");
 String text = req.getParameter("text");
 try {
 MailUserData mud = getMUD(ssn);
 if (mud == null)
 throw new Exception("trying to send, but not logged in");
 Message msg = new MimeMessage(mud.getSession());
 InternetAddress[] toAddrs = null, ccAddrs = null;
 if (to != null) {
 toAddrs = InternetAddress.parse(to, false);
 msg.setRecipients(Message.RecipientType.TO, toAddrs);
 } else
 throw new MessagingException("No \"To\" address specified");
 if (cc != null) {
 ccAddrs = InternetAddress.parse(cc, false);
 msg.setRecipients(Message.RecipientType.CC, ccAddrs);
 if (subj != null)
 msg.setSubject(subj);
 URLName u = mud.getURLName();
 msg.setFrom(new InternetAddress(u.getUsername() + "@" +
 u.getHost()));
 if (text != null)
 msg.setText(text);
 Transport.send(msg);
 out.println("<h1>Message sent successfully</h1></body></html>");
 out.close();
 } catch (Exception mex) {
 out.println("<h1>Error sending message.</h1>");
 out.println(mex.toString());
 out.println(" </body></html>");
// utility method; returns a string suitable for msg header display
private String getDisplayAddress(Address a) {
String pers = null;
String addr = null;
if (a instanceof InternetAddress &&
((pers = ((InternetAddress)a).getPersonal()) != null)) {
 addr = pers + " "+"<"+((InternetAddress)a).getAddress()+">";
} else
addr = a.toString();
return addr;
// utility method; retrieve the MailUserData
// from the HttpSession and return it
private MailUserData getMUD(HttpSession ses) throws IOException {
 MailUserData mud = null;
 if (ses == null) {
 return null;
 } else {
 if ((mud = (MailUserData)ses.getValue("javamailservlet")) == null){
 return null;
 return mud;
public String getServletInfo() {
return "A mail reader servlet";
* This is the HTML code for the compose form. Another option would
* have been to use a separate html page.
private static String composeForm = "<HTML><HEAD><TITLE>JavaMail Compose</TITLE></HEAD><BODY BGCOLOR=\"#CCCCFF\"><FORM ACTION=\"/servlet/JavaMailServlet\" METHOD=\"POST\"><input type=\"hidden\" name=\"send\" value=\"send\">JavaMail Compose Message<TABLE BORDER=\"0\" WIDTH=\"100%\"><TR><TD WIDTH=\"16%\" HEIGHT=\"22\"> To:</TD><TD WIDTH=\"84%\" HEIGHT=\"22\"><INPUT TYPE=\"TEXT\" NAME=\"to\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">CC:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"cc\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">Subject:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"subject\" SIZE=\"55\"></TD></TR><TR><TD WIDTH=\"16%\"> </TD><TD WIDTH=\"84%\"><TEXTAREA NAME=\"text\" ROWS=\"15\" COLS=\"53\"></TEXTAREA></TD></TR><TR><TD WIDTH=\"16%\" HEIGHT=\"32\"> </TD><TD WIDTH=\"84%\" HEIGHT=\"32\"><INPUT TYPE=\"SUBMIT\" NAME=\"Send\" VALUE=\"Send\"><INPUT TYPE=\"RESET\" NAME=\"Reset\" VALUE=\"Reset\"></TD></TR></TABLE></FORM></BODY></HTML>";
* This class is used to store session data for each user's session. It
* is stored in the HttpSession.
class MailUserData {
URLName url;
Session session;
Store store;
Folder folder;
public MailUserData(URLName urlname) {
 url = urlname;
public URLName getURLName() {
 return url;
public Session getSession() {
 return session;
public void setSession(Session s) {
 session = s;
public Store getStore() {
 return store;
public void setStore(Store s) {
 store = s;
public Folder getFolder() {
 return folder;
public void setFolder(Folder f) {
 folder = f;

You posted a thousand lines of badly-formatted code and didn't have the sense to say which one had the exception.
My guess is that it was this one:Session session = Session.getDefaultInstance(props, null);because that happened to me. I fixed it by calling getInstance instead of getDefaultInstance.
However if that isn't the problem, how about spending a few seconds to post a less useless question?

Java Security Error while Launching the Application through JNLP

Hi!,
I have a problem in launching my Application through JNLP. It is giving the Error dialog as "Unable to lauch application" with the dialog title as "Java Security Error".
I don't know why this problem is coming but when I have reset my profile on my system & then I tried to launch the same application & I got success.
Can anyone suggest me what was the problem?
Pradeep Gupta

hi,
usually it is the web dynpro launch system that is causing the issue, OR there is a misconfiguration in the backend like the tasks are set up with com.sap/esslea in the backend and the xml file is referencing sap.com <SWITCH>/esslea and the dynpro is showing this as not deployed.
Regards
Sharanya Rajagopal

Java.security.AccessControlException when calling web service from applet

I have an applet that calls a webservce (Xmethods' delayed stock quote service). When I run the applet in appletviewer, I get the following:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.security.AccessControlException: access denied (java.net.SocketPermission 66.28.98.121:9090 connect,resolve); targetException=java.lang.IllegalArgumentException:
Error opening socket: java.security.AccessControlException:
access denied
etc.....
My code works fine as an application, but not as an applet. (This was after I eventually had to extract the necessary SOAP .jar files into the same directory as my applet, but that's another topic...or maybe not?)
Help!
Regards,
John Kirksey

The default security settings does not give an applet to connect to any other server apart from the one from which it was downloaded. This is your problem. To mitigate that you have to change the security setting of the applet conatiner i.e the JVM in the browser.
Ironluca

Java.security.PrivilegedActionException while invoking web service on OC4J

Hi,
I have a developed web service in Jdeveloper which is hosted on OC4J app server. I am able to invoke it properly and get results using the web service end point in browser window.
Now I created a java proxy for this WS in Jdeveloper and tried invoking it inside another web service. I get the following error while the 1st WS is invoked:
2010-03-09 17:15:04.607 WARNING Unable to connect to URL: <internal web service URL> due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
10/03/09 17:15:04 java.rmi.RemoteException: ; nested exception is:
 HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
10/03/09 17:15:04 at autoauthorise.runtime.VehicleTypeSpecsWSSoapHttp_Stub.getVehicleTypeSpecs(VehicleTypeSpecsWSSoapHttp_Stub.java:91)
10/03/09 17:15:04 at com.bt.vehtype.ws.VehicleTypeSpecsWSSoapHttpPortClient.getVehicleTypeSpecs(VehicleTypeSpecsWSSoapHttpPortClient.java:40)
10/03/09 17:15:04 at com.bt.fleet.willow.ws.AutoAuthorise.autoAuthorise(AutoAuthorise.java:20)
10/03/09 17:15:04 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
10/03/09 17:15:04 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
10/03/09 17:15:04 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
10/03/09 17:15:04 at java.lang.reflect.Method.invoke(Method.java:585)
10/03/09 17:15:04 at oracle.j2ee.ws.server.ImplInvocationHandler.invoke(ImplInvocationHandler.java:126)
10/03/09 17:15:04 at $Proxy0.autoAuthorise(Unknown Source)
10/03/09 17:15:04 at com.bt.fleet.willow.ws.runtime.AutoAthoriseWSSoapHttp_Tie.invoke_autoAuthorise(AutoAthoriseWSSoapHttp_Tie.java:62)
10/03/09 17:15:04 at com.bt.fleet.willow.ws.runtime.AutoAthoriseWSSoapHttp_Tie.processingHook(AutoAthoriseWSSoapHttp_Tie.java:161)
10/03/09 17:15:04 at oracle.j2ee.ws.server.StreamingHandler.handle(StreamingHandler.java:287)
10/03/09 17:15:04 at oracle.j2ee.ws.server.JAXRPCProcessor.doEndpointProcessing(JAXRPCProcessor.java:356)
10/03/09 17:15:04 at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:283)
10/03/09 17:15:04 at oracle.j2ee.ws.server.JAXRPCProcessor.doRequestProcessing(JAXRPCProcessor.java:272)
10/03/09 17:15:04 at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:94)
10/03/09 17:15:04 at oracle.j2ee.ws.server.JAXRPCProcessor.doService(JAXRPCProcessor.java:128)
10/03/09 17:15:04 at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:170)
10/03/09 17:15:04 at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
Please help, I cant see any problem.
Edited by: Ankit_Screen on Mar 11, 2010 6:27 AM

can't anybody help me?

Java Security Model: Java Protection Domains

1.     Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o     Configurable policies -- no longer is the security policy hard-coded into the application.
o     Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2.     X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3.     Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4.     Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive �TeleVote.jar�:
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
� It should be computationally infeasible to find two messages that hashed to the same value.
� The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
� Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
� The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh Vishwakarma

Hi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team).

Java & security/Privacy Problem

Similar Messages

Maybe you are looking for