Java security? shellcode, the different overflows ect...
I am under the impression that pretty much all exploiting, shellcoding, the overflows and related terms are pretty much C, C++ and assembly. maybe a couple other really old languages i forgot to add.
i read that the new languages including java has massive protection from this as it is an interpreted language, making exploitation with those languages near impossible. am i to believe once the older languages are phased out, all the security holes will be phased out as well? I really find that hard to believe, can someone give me some insight to that theory?
with the faster hardware speeds hitting the market every day, the best reasons for keeping C I believe was speed. when will the old languages like C / C++ or assembly be completely phased out? will that eliminate exploiting?
You are wasting peoples time here because:
a) you're asking someone to help you achieve something unethical (gimme >teh codez so i can hack teh jav)
b) didn't take the time necesry to research this yourself.a) i am not a script kiddie (anymore :P). I also never asked for something unethical like an exploit to a java program that can be loaded into metasploit or whatever. i simply asked the difference between java and the older languages in regards to exploiting. also asked where the security in that regard might go if the older languages got phased out. (did not expect a full apa style paper). paraphrasing the l33t talk is completely false. I never asked for 'code to hack java'. Sorry for being curious about the topic though. (sarcasm not sorry)
b) i looked in many different places and even watched full videos on the topic but all had to do with C... java might be a little new for that. (you guys even posted stories about it being a new thing proving that point). Ive downloaded docs, books, and many other ways all mainly saying c assembly and so on. i think the two simple questions were justified along with the duke points.
I would like to thank DrClap for not complaining and answering perfectly. If you take a look at his answer, youll find he gave me no info to get the garbage file. I will also look into that cached ip page that seems to have what I was looking for. Once again sorry for missing a cached google page. (not sorry) :) I do plan on becoming a hacker (im aware not yet, and I mean real hacker not cracker).
i do believe 'learn how to use google 'java exploit' seems like sarcasm and / or mockery. especially when the results were simple news stories that didnt really help. might just be me though. i have been known to be too sensitive. :P
Thanks again DrClap
Similar Messages
-
Java.security.AccessControlException when executing java from the DB
Hello
I'm running a Oracle 10.1.0.3.0 on Linux
I'm having trouble with executing some java code from the DB.
I created following java stored procedure used to create the directory given by the parameter
package be.vlaamsparlement.dis.os_commands;
import java.io.*;
import java.lang.*;
import java.sql.*;
import java.util.*;
public class ManageOSDirectory {
public static String createDir(String directoryName) throws Exception
if ((new File(directoryName)).mkdirs())
{ return ("TRUE");}
else
{ return ("FALSE");}
Wrapped it in a pl/sql procedure an execute it as follows under DB schema DIS :
begin
declare
b boolean;
begin
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/1/');
end;
end;
Where /data/files/vp_docs/schv/ already exist, so the proc needs to create the direcories '2004-2005', 'jan' and '1'
this gives me following error :
ORA-29532: Java call terminated by uncaught Java exception: java.security.AccessControlException:
the Permission (java.io.FilePermission /data/files/vp_docs/schv/2004-2005/month/1 write) has not been granted to DIS.
The PL/SQL to grant this is dbms_java.grant_permission( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
I can't give this permission as the given directory does not yet exist. File permissions on os are ok and when i execute
the code on the os (not from the DB) it works fine.
This also worked on a Windows 10G DB without any extra grants.
Also, i can execute the followint
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/');
but if i then execute
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/');
I get the same error. So i can only creaet 1 directory beneath the schv directory
Any ideas anyone ?The Error message is right.
You need to:
Ensure the Directory exist in Unix.
Create the Directory in the Database as SYS.
Grant Read,Write permission on th DIrectory to DIS
Grant Java permission on th DIrectory to DIS (using the syntax already shown in the Error message).
See my example below (10g R1)
SQL> connect /as sysdba
Connected.
SQL> GRANT CONNECT,RESOURCE TO DIS IDENTIFIED BY DIS;
Grant succeeded.
SQL> create or replace directory DIS_DOWNLOAD_DIR as '/data/files/vp_docs/schv/2004-2005/month/1';
Directory created.
SQL> col DIRECTORY_PATH format a50
SQL> select * from dba_directories;
OWNER DIRECTORY_NAME DIRECTORY_PATH
SYS DIS_DOWNLOAD_DIR /data/files/vp_docs/schv/2004-2005/month/1
1 row selected.
SQL> GRANT READ,WRITE ON DIRECTORY "SYS"."DIS_DOWNLOAD_DIR" TO "DIS";
Grant succeeded.
SQL> EXECUTE DBMS_JAVA.GRANT_PERMISSION( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
2 /
PL/SQL procedure successfully completed.
SQL> -
Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.
I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
deployment.properties entries after addition of my jre entry:
#deployment.properties
#Fri Sep 28 14:09:24 PDT 2012
deployment.javapi.lifecycle.exception=true
deployment.trace=true
deployment.javaws.viewer.bounds=323,144,720,360
deployment.javaws.autodownload=NEVER
deployment.version=6.0
deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
deployment.security.mixcode=HIDE_RUN
deployment.log=true
deployment.console.startup.mode=SHOW
deployment.capture.mime.types=true
#Java Deployment jre's
#Fri Sep 28 14:09:24 PDT 2012
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.product=1.6.0_33
deployment.javaws.jre.0.osarch=x86
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=false
deployment.javaws.jre.0.args=
deployment.javaws.jre.1.enabled=true
deployment.javaws.jre.1.registered=true
deployment.javaws.jre.1.osname=Windows
deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.1.osarch=x86
deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.1.platform=1.6
deployment.javaws.jre.1.product=1.6.0_29
Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.I'm having a similar problem and I think it is related with this.
If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
I have a method that handles the Java--->Javascript calls and goes something like this:
System.out.println("Calling Javascript...");
JSObject win = JSObject.getWindow(this);
win.call(jsEventHandler, new Object[] { json.toString() });
System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
Could you explain in more detail the queue based solution you found? Any other ideas?
Regards,
André Tavares. -
How to use java security in a servelt with weblogic as a servlet engine?
Hi,
i want to use standard java security with a user defined permission in
servlet with wls 5.1 (Win nt) as a servelt engine.
WL-Home: f:\weblogic
Server: f:\weblogic\elan
Servlet: f:\weblogic\elan\elan\ServletGropsTest.class
The Servlet is registered in weblogic.properties:
weblogic.httpd.register.elan.ServletGropsTest=elan.ServletGropsTest
i've added this to the weblogic.policy:
grant codebase "file:f:/weblogic/elan/elan/" {
permission java.security.AllPermission;
The servlet code is:
SecurityManager m = System.getSecurityManager();
if (m != null) m.checkPermission(new AndisPermission("x","y"));
WLS throws the permission-exception:
Do Jul 18 11:54:54 GMT+02:00 2002:<E> <ServletContext-General> Servlet
failed with Exception
java.security.AccessControlException: access denied
(elan.AndisPermission x y)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java,
Compiled Code)
at java.lang.Exception.<init>(Exception.java, Compiled Code)
at java.lang.RuntimeException.<init>(RuntimeException.java,
Compiled Cod
at elan.ServletGropsTest.doGet(ServletGropsTest.java, Compiled
Code)
can anyone help?
regards
Andyran_t wrote:
...I am using java 1.3.Why are you using an utterly obsolete version of Java?
My program using log4j jar.
When i put the log4j.jar in a path that include spaces like "c:\Program files\",Try it as c:\Program%20files\ -
Is the java.security file the only file that specify the default key store type?
I am building a web services using netbeans. While an error came out saying "invalid keystore format". I think that is because I used to change the default key store type to "jceks" in the java.security file in the [java installation path]\jre\lib\security folder.
I changed it back to "jks". However, the error still exist. I wonder if the java.security file is the only file that defines the default key store type?
Thanks in adv!!!Hi Rohit,
For more info on java security policy file, please refer
http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html
Hope this helps!
Senthil Babu J -
Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?
We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your helpThanks for all the posting re. this issue....
I think the way Weblogic implemented "support" for JAAS in 8.1 totally
blows. In fact, when I asked BEA support about this, they basically sent me
an email saying that "Weblogic owns the JAAS configuration" so if you have a
security framework that is application server agnostic, but leverages JAAS
then you are screwed when deploying on Weblogic 8.1.
I looked for a workaround and believe that instead of using an entry in
java.security for your custom configuration class, if you set the JVM
parameter
-Dlogin.configuration.provider=com.foo.SecurityConfiguration
then what happens is that the Weblogic custom class
weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
to load the login module configuration and if that fails, it delegates to
com.foo.SecurityConfiguration. So this should enable both the weblogic
security framework and a custom security framework that are both based on
JAAS
I'm currently testing this out
"Lloyd Fernandes" <[email protected]> wrote in message
news:[email protected]...
>
Robert Greig <[email protected]> wrote:
Lloyd Fernandes wrote:
"Lloyd Fernandes" <[email protected]> wrote:
"Prashant Nayak" <[email protected]> wrote:
We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications
security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration
provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help
As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
>>>>
>>>>
The default Configuration implementation can be changed by settingthe
value of
the "login.configuration.provider" security property (in the Java
security
properties
file) to the fully qualified name of the desired Configurationimplementation
class. The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security,
where <JAVA_HOME> refers to the directory where the JDK was installed.
Have you tried to use a startup class to set the configuration providerusing
javax.security.auth.login.setConfiguration(YourConfigClass);
Weblogic probably uses this to set the configuration class to it'sown.
You have to consider whether this is really something you want to do
however. If you want to get WLS to use a custom authenticator use its
SSPIs. You can configure the order etc. in the admin console.
By overriding the configuration you override it for the server as a
whole which can mean for example that you cannot login to the admin
console. Having said this, from memory, I believe that the property is
ignored in WLS. However you can still call
Configuration.setConfiguration if you really want to.
The fact that there is a "global static" in the Configuration class is
a
Bad Thing IMHO, that was never really designed for an app server
environment.
Robert
If it is a bad thing to have a static how come Weblogic uses it instead ofthe
standard way of modifying the property in java security file - it isbecause
weblogic wants it's own way of implementing instead of using using the'plugable
module' architecture of JAAS.
When weblogic advertised that it will support JAAS the impression was thatWeblogic
would provide a login module that will implement the security mechanism itwanted
- instead it went it's own way.
Also consider the following
1. JAAS specifies a mechanism for multiple configurations based on a'application'.
This is not possible in the current 'weblogic security mechanism'
2. Weblogic says it supports JAAS but what it does not tell you is that inorder
to use available login modules you have to write a whole bunch of code tosupport
principal validators and authenticators. (I begin to wonder if write oncedeploy
anywhere is not part of Sun's certification process anymore) -
Getting java.security.AccessControlException
Platform:
OS: Sun OS 5.7
Weblogic Server 5.1.0
Service Pack 5
I've weblogic installed at /home/hement/sw/weblogic.
I'm deploying a bean (Session bean), which is simply creating an instance of
another class "SecurityTest" and calling its method in which I'm creating a
new SecurityManager. This class is in /home/hement/ejb directory.
Now when I invoke this bean, using a weblogic.policy file with following
lines:
-------------weblogic.policy----------------------
grant {
permission java.security.AllPermission;
the bean works fine, and the new SecurityManager is created.
But, if the change the above weblogic.policy file to
-------------weblogic.policy----------------------
grant codeBase "file:/home/-" {
permission java.security.AllPermission;
grant codeBase "file:${java.home}/-" {
permission java.security.AllPermission;
grant {
// Permission "enableSubstitution" needed to run the WebLogic console
permission java.io.SerializablePermission "enableSubstitution";
// Permission "modifyThreadGroup" required to run the WebLogic Server
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setContextClassLoader";
// Permission "setIO" needed to start a server from the WebLogic console
permission java.lang.RuntimePermission "setIO";
// Permission "getClassLoader" needed for many EJB clients
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "stopThread";
permission java.net.SocketPermission "localhost:1024-", "listen";
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version",
"read";
permission java.util.PropertyPermission "java.specification.vendor",
"read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version",
"read";
permission java.util.PropertyPermission "java.vm.specification.vendor",
"read";
permission java.util.PropertyPermission "java.vm.specification.name",
"read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
------------------------exception-----------------
the bean doesn't work fine, and throws the followig exception:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
createSecurityManager )
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java, Compiled Code)
at
java.security.AccessController.checkPermission(AccessController.java,
Compiled Code)
at java.lang.SecurityManager.checkPermission(SecurityManager.java,
Compi
led Code)
at java.lang.SecurityManager.<init>(SecurityManager.java, Compiled
Code)
at SecurityCreator.createSecurityManager(SecurityCreator.java,
Compiled
Code)
at ejbtests.securitytests.TestBean.testSecurity(TestBean.java,
Compiled
Code)
at
ejbtests.securitytests.TestBeanEOImpl.testSecurity(TestBeanEOImpl.jav
a, Compiled Code)
at
ejbtests.securitytests.TestBeanEOImpl_WLSkel.invoke(TestBeanEOImpl_WL
Skel.java, Compiled Code)
at
weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerOb
jectAdapter.java, Compiled Code)
at
weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicReques
tHandler.java, Compiled Code)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java, Compiled Code)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
Wed Sep 13 17:07:53 EDT 2000:<I> <EJB JAR deployment
/home/hsasan/sw/weblogic/cl
asses/myClasses/securitytest.jar> Exception in non-transactional EJB invoke:
java.rmi.RemoteException: java.security.AccessControlException: access
denied (j
ava.lang.RuntimePermission createSecurityManager ); nested exception is:
java.security.AccessControlException: access denied
(java.lang.RuntimePe
rmission createSecurityManager )
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
createSecurityManager )
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java, Compiled Code)
at
java.security.AccessController.checkPermission(AccessController.java,
Compiled Code)
at java.lang.SecurityManager.checkPermission(SecurityManager.java,
Compi
led Code)
at java.lang.SecurityManager.<init>(SecurityManager.java, Compiled Code)
at SecurityCreator.createSecurityManager(SecurityCreator.java,
Compiled
Code)
at ejbtests.securitytests.TestBean.testSecurity(TestBean.java,
Compiled
Code)
at
ejbtests.securitytests.TestBeanEOImpl.testSecurity(TestBeanEOImpl.jav
a, Compiled Code)
at
ejbtests.securitytests.TestBeanEOImpl_WLSkel.invoke(TestBeanEOImpl_WL
Skel.java, Compiled Code)
at
weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerOb
jectAdapter.java, Compiled Code)
at
weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicReques
tHandler.java, Compiled Code)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java, Compiled Code)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled
Code)
Any idea, why is it behaving like this? Your comments will be appreciated.
Thanks,
- HementWell, the reason of the error is:
netstat -o -n -a | findstr 1099
TCP 0.0.0.0:1099 0.0.0.0:0 LISTENING 2300This means the port 1099 is being used by any other Application.
Regards
Taton -
Java Security Error while Launching the Application through JNLP
Hi!,
I have a problem in launching my Application through JNLP. It is giving the Error dialog as "Unable to lauch application" with the dialog title as "Java Security Error".
I don't know why this problem is coming but when I have reset my profile on my system & then I tried to launch the same application & I got success.
Can anyone suggest me what was the problem?
Pradeep Guptahi,
usually it is the web dynpro launch system that is causing the issue, OR there is a misconfiguration in the backend like the tasks are set up with com.sap/esslea in the backend and the xml file is referencing sap.com <SWITCH>/esslea and the dynpro is showing this as not deployed.
Regards
Sharanya Rajagopal -
What do people think about the different Generic Java approaches?
I have seen a lot of different approaches for Generic Java, and when people find problems with each approach the normal response has been: the other approach is worse with such and such a problem, do you have a better way?
The different approaches I have seen are: (in no particular order)
Please correct me if I am wrong and add other approaches if they are worthy of mention.
1) PolyJ - by MIT
This is a completely different approach than the others, that introduces a new where clause for bounding the types, and involves changing java byte codes in order to meet it's goals.
Main comments were not a java way of doing things and far too greater risk making such big changes.
2) Pizza - by Odersky & Wadler
This aims at extending java in more ways than just adding Generics. The generic part of this was replaced by GJ, but with Pizza's ability to use primitives as generic types removed, and much bigger changes allowing GJ to interface with java.
Main comments were that Pizza doesn't work well with java, and many things in Pizza were done in parallel with java, hence were no longer applicable.
3) GJ - by Bracha, Odersky, Stoutamire & Wadler
This creates classes with erased types and bridging methods, and inserts casts when required when going back to normal java code.
Main comments are that type dependent operations such as new, instanceof, casting etc can't be done with parametric types, also it is not a very intuitive approach and it is difficult to work out what code should do.
4) Runtime Generic Information - by Natali & Viroli
Each instance holds information about its Runtime Type.
Main comments from people were that this consumes way too much memory as each instance holds extra information about its type, and the performance would be bad due to checking Type information at runtime that would have been known at compile.
5) NextGen - by Cartwright & Steele
For each parameterized class an abstract base class with types erased is made and then for each new type a lightweight wrapper class and interface are created re-using code from the base class to keep the code small.
Main comments from people were that this approach isn't as backwards compatible as GJ due to replacing the legacy classes with abstract base classes which can't be instantiated.
6) .NET common runtime - by Kennedy & Syme
This was written for adding Generics to C#, however the spec is also targeted at other languages such as VB.
Main comments from people were that this approach isn't java, hence it is not subject to the restrictions of changing the JVM like java is.
7) Fully Generated Generic Classes - by Agesen, Freund & Mitchell
For each new type a new class is generated by a custom class loader, with all the code duplicated for each different type.
Main comments from people were that the generated code size gets too big, and that it is lacking a base class for integration with legacy code.
8) JSR-14 - by Sun
This is meant to come up with a solution Generic Solution to be used in java. Currently it is heavily based on GJ and suffering from all the same problems as GJ, along with the fact that it is constantly undergoing change and so no one knows what to expect.
See this forum for comments about it.
As if we didn't have enough approaches already, here is yet another one that hopefully has all of the benefits, and none of the problems of the other approaches. It uses information learnt while experimenting with the other approaches. Now when people ask me if I think I have a better approach, I will have somewhere to point them to.
(I will be happy to answer questions concerning this approach).
9) Approach #x - by Phillips
At compile time 1 type is made per generic type with the same name.
e.g.class HashSet<TypeA> extends AbstractSet<TypeA> implements Cloneable, Serializable will be translated to a type: class HashSet extends AbstractSet implements Cloneable, SerializableAn instance of the class using Object as TypeA can now be created in 2 different ways.
e.g.Set a = new HashSet();
Set<Object> b = new HashSet<Object>();
//a.getClass().equals(b.getClass()) is trueThis means that legacy class files don't even need to be re-compiled in order to work with the new classes. This approach is completely backwards compatible.
Inside each type that was created from a generic type there is also some synthetic information.
Information about each of the bounding types is stored in a synthetic field.
Note that each bounding type may be bounded by a class and any number of interfaces, hence a ';' is used to separate bounding types. If there is no class Object is implied.
e.g.class MyClass<TypeA extends Button implements Comparable, Runnable; TypeB> will be translated to a type: class MyClass {
public static final Class[][] $GENERIC_DESCRIPTOR = {{Button.class, Comparable.class, Runnable.class}, {Object.class}};This information is used by a Custom Class Loader before generating a new class in order to ensure that the generic types are bounded correctly. It also gets used to establish if this class can be returned instead of a generated class (occurs when the generic types are the same as the bounding types, like for new HashSet<Object> above).
There is another synthetic field of type byte[] that stores bytes in order for the Custom Class Loader to generate the new Type.
There are also static methods corresponding to each method that contain the implementation for each method. These methods take parameters as required to gain access to fields, contructors, other methods, the calling object, the calling object class etc. Fields are passed to get and set values in the calling object. Constructors are passed to create new instances of the calling object. Other methods are passed when super methods are called from within the class. The calling object is almost always passed for non static methods, in order to do things with it. The class is passed when things like instanceof the generated type need to be done.
Also in this class are any non private methods that were there before, using the Base Bounded Types, in order that the class can be used exactly as it was before Generics.
Notes: the time consuming reflection stuff is only done once per class (not per instance) and stored in static fields. The other reflection stuff getting done is very quick in JDK1.4.1 (some earlier JDKs the same can not be said).
Also these static methods can call each other in many circumstances (for example when the method getting called is private, final or static).
As well as the ClassLoader and other classes required by it there is a Reflection class. This class is used to do things that are known to be safe (assuming the compiler generated the classes correctly) without throwing any exceptions.
Here is a cut down version of the Reflection class: public final class Reflection {
public static final Field getDeclaredField(Class aClass, String aName) {
try {
Field field = aClass.getDeclaredField(aName);
field.setAccessible(true);
return field;
catch (Exception ex) {
throw new Error(ex);
public static final Object get(Field aField, Object anObject) {
try {
return aField.get(anObject);
catch (Exception ex) {
throw new Error(ex);
public static final void set(Field aField, Object anObject, Object aValue) {
try {
aField.set(anObject, aValue);
catch (Exception ex) {
throw new Error(ex);
public static final int getInt(Field aField, Object anObject) {
try {
return aField.getInt(anObject);
catch (Exception ex) {
throw new Error(ex);
public static final void setInt(Field aField, Object anObject, int aValue) {
try {
aField.setInt(anObject, aValue);
catch (Exception ex) {
throw new Error(ex);
}Last but not least, at Runtime one very lightweight wrapper class per type is created as required by the custom class loader. Basically the class loader uses the Generic Bytes as the template replacing the erased types with the new types. This can be even faster than loading a normal class file from disk, and creating it.
Each of these classes has any non private methods that were there before, making calls to the generating class to perform their work. The reason they don't have any real code themselves is because that would lead to code bloat, however for very small methods they can keep their code inside their wrapper without effecting functionality.
My final example assumes the following class name mangling convention:
* A<component type> - Array
* b - byte
* c - char
* C<class name length><class name> - Class
* d - double
* f - float
* i - int
* l - long
* z - boolean
Final Example: (very cut down version of Vector)public class Vector<TypeA> extends AbstractList<TypeA> implements RandomAccess, Cloneable, Serializable {
protected Object[] elementData;
protected int elementCount;
protected int capacityIncrement;
public Vector<TypeA>(int anInitialCapacity, int aCapacityIncrement) {
if (anInitialCapacity < 0) {
throw new IllegalArgumentException("Illegal Capacity: " + anInitialCapacity);
elementData = new Object[initialCapacity];
capacityIncrement = capacityIncrement;
public synchronized void setElementAt(TypeA anObject, int anIndex) {
if (anIndex >= elementCount) {
throw new ArrayIndexOutOfBoundsException(anIndex + " >= " + elementCount);
elementData[anIndex] = anObject;
}would get translated as:public class Vector extends AbstractList implements RandomAccess, Cloneable, Serializable {
public static final Class[][] $GENERIC_DESCRIPTOR = {{Object.class}};
public static final byte[] $GENERIC_BYTES = {/*Generic Bytes Go Here*/};
protected Object[] elementData;
protected int elementCount;
protected int capacityIncrement;
private static final Field $0 = Reflection.getDeclaredField(Vector.class, "elementData"),
$1 = Reflection.getDeclaredField(Vector.class, "elementCount"),
$2 = Reflection.getDeclaredField(Vector.class, "capacityIncrement");
static void $3(int _0, Field _1, Object _2, Field _3, int _4) {
if (_0 < 0) {
throw new IllegalArgumentException("Illegal Capacity: " + _0);
Reflection.set(_1, _2, new Object[_0]);
Reflection.setInt(_3, _2, _4);
static void $4(int _0, Field _1, Object _2, Field _3, Object _4) {
if (_0 >= Reflection.getInt(_1, _2)) {
throw new ArrayIndexOutOfBoundsException(_0 + " >= " + Reflection.getInt(_1, _2));
((Object[])Reflection.get(_3, _2))[_0] = _4;
public Vector(int anInitialCapacity, int aCapacityIncrement) {
$3(anInitialCapacity, $0, this, $2, aCapacityIncrement);
public synchronized void setElementAt(Object anObject, int anIndex) {
$4(anIndex, $1, this, $0, anObject);
} and new Vector<String> would get generated as:public class Vector$$C16java_lang_String extends AbstractList$$C16java_lang_String implements RandomAccess, Cloneable, Serializable {
protected Object[] elementData;
protected int elementCount;
protected int capacityIncrement;
private static final Field $0 = Reflection.getDeclaredField(Vector$$C16java_lang_String.class, "elementData"),
$1 = Reflection.getDeclaredField(Vector$$C16java_lang_String.class, "elementCount"),
$2 = Reflection.getDeclaredField(Vector$$C16java_lang_String.class, "capacityIncrement");
public Vector$$C16java_lang_String(int anInitialCapacity, int aCapacityIncrement) {
Vector.$3(anInitialCapacity, $0, this, $2, aCapacityIncrement);
public synchronized void setElementAt(String anObject, int anIndex) {
Vector.$4(anIndex, $1, this, $0, anObject);
}Comparisons with other approaches:
Compared with PolyJ this is a very java way of doing things, and further more it requires no changes to the JVM or the byte codes.
Compared with Pizza this works very well with java and has been designed using the latest java technologies.
Compared with GJ all type dependent operations can be done, and it is very intuitive, code does exactly the same thing it would have done if it was written by hand.
Compared with Runtime Generic Information no extra information is stored in each instance and hence no extra runtime checks need to get done.
Compared with NextGen this approach is completely backwards compatible. NextGen looks like it was trying to achieve the same goals, but aside from non backwards compatibility also suffered from the fact that Vector<String> didn't extend AbstractList<String> causing other minor problems. Also this approach doesn't create 2 types per new types like NextGen does (although this wasn't a big deal anyway). All that said NextGen was in my opinion a much better approach than GJ and most of the others.
Compared to .NET common runtime this is java and doesn't require changes to the JVM.
Compared to Fully Generated Generic Classes the classes generated by this approach are very lightweight wrappers, not full blown classes and also it does have a base class making integration with legacy code simple. It should be noted that the functionality of the Fully Generated Generic Classes is the same as this approach, that can't be said for the other approaches.
Compared with JSR-14, this approach doesn't suffer from GJ's problems, also it should be clear what to expect from this approach. Hopefully JSR-14 can be changed before it is too late.(a) How you intend generic methods to be translated.
Given that Vector and Vector<Object> are unrelated types,
what would that type be represented as in the byte code of
the method? In my approach Vector and Vector<Object> are related types. In fact the byte code signature of the existing method is exactly the same as it was in the legacy code using Vector.
To re-emphasize what I had said when explaining my approach:
System.out.println(Vector.class == Vector<Object>.class); // displays true
System.out.println(Vector.class == Vector<String>.class); // displays false
Vector vector1 = new Vector<Object>(); // legal
Vector<Object> vector2 = new Vector(); // legal
// Vector vector3 = new Vector<String>(); // illegal
// Vector<String> vector4 = new Vector(); // illegal
Vector<String> vector5 = new Vector<String>(); // legal
You must also handle the case where the type
parameter is itself a parameterized type in which the type
parameter is not statically bound to a ground instantiation.This is also very straightforward: (let me know if I have misunderstood you)
(translation of Vector given in my initial description)
public class SampleClass<TypeA> {
public static void main(String[] args) {
System.out.println(new Vector<Vector<TypeA>>(10, 10));
}would get translated as:public class SampleClass {
public static final Class[][] $GENERIC_DESCRIPTOR = {{Object.class}};
public static final byte[] $GENERIC_BYTES = {/*Generic Bytes Go Here*/};
private static final Constructor $0 = Reflection.getDeclaredConstructor(Vector$$C16java_util_Vector.class, new Class[] {int.class, int.class});
static void $1(Constructor _0, int _1, int _2) {
try {
System.out.println(Reflection.newInstance(_0, new Object[] {new Integer(_1), new Integer(_2)}));
catch (Exception ex) {
throw (RuntimeException)ex;
public static void main(String[] args) {
$1($0, 10, 10);
}and SampleClass<String> would get generated as:public class SampleClass$$C16java_lang_String {
private static final Constructor $0 = Reflection.getConstructor(Vector$$C37java_util_Vector$$C16java_lang_String.class, new Class[] {int.class, int.class});
public static void main(String[] args) {
SampleClass.$1($0, 10, 10);
Also describe the implementation strategy for when these
methods are public or protected (i.e. virtual).As I said in my initial description that for non final, non static, non private method invocations a Method may be passed into the implementing synthetic method as a parameter.
Note: the following main method will display 'in B'.
class A {
public void foo() {
System.out.println("in A");
class B extends A {
public void foo() {
System.out.println("in B");
public class QuickTest {
public static void main(String[] args) {
try {
A.class.getMethod("foo", null).invoke(new B(), null);
catch (Exception ex) {}
}This is very important as foo() may be overwritten by a subclass as it is here. By passing a Method to the synthetic implementation this guarantees that covariance, invariance and contra variance all work exactly the same way as in java. This is a fundamental problem with many other approaches.
(b) The runtime overhead associated with your translationAs we don't have a working solution to compare this to, performance comments are hard to state, but I hope this helps anyway.
The Class Load time is affected in 4 ways. i) All the Generic Bytes exist in the Base Class, hence they don't need to be read from storage. ii) The custom class loader, time to parse the name and failed finds before it finally gets to define the class. iii) The generation of the generic bytes to parametric bytes (basically involves changing bytes from the Constant Pool worked out from a new Parametric type, Utf8, Class and the new Parametric Constant types may all be effected) iv) time to do the static Reflection stuff (this is the main source of the overhead). Basically this 1 time per class overhead is nothing to be concerned with, and Sun could always optimize this part further.
The normal Runtime overhead (once Classes have been loaded) is affected mainly by reflection: On older JDKs the reflection was a lot slower, and so might have made a noticeable impact. On newer JDKs (since 1.4 I think), the reflection performance has been significantly improved. All the time consuming reflection is done once per class (stored in static fields). The normal reflection is very quick (almost identical to what is getting done without reflection). As the wrappers simply include a single method call to another method, these can be in-lined and hence made irrelevant. Furthermore it is not too difficult to make a parameter that would include small methods in the wrapper classes, as this does not affect functionality in the slightest, however in my testing I have found this to be unnecessary.
(c) The space overhead (per instantiation)There are very small wrapper classes (one per new Type) that simply contain all non private methods, with single method calls to the implementing synthetic method. They also include any fields that were in the original class along with other synthetic fields used to store reflected information, so that the slow reflection only gets done once per new Type.
(d) The per-instance space overheadNone.
(e) Evidence that the proposed translation is sound and well-defined for all relevant cases (see below)Hope this is enough, if not let me know what extra proof you need.
(f) Evidence for backward compatibility
(For example, how does an old class file that passes a Vector
to some method handle the case when the method receives a Vector<T>
where T is a type parameter? In your translation these types are unrelated.)As explained above, in my approach these are only unrelated for T != Object, in the legacy case T == Object, hence legacy code passing in Vector is exactly the same as passing in Vector<Object>.
(g) Evidence for forward compatibility
(How, exactly, do class files that are compiled with a generics compiler run on an old VM)They run exactly the same way, the byte codes from this approach are all legal java, and all legal java is also legal in this approach. In order to take advantage of the Generics the Custom Class Loader would need to be used or else one would get ClassNotFoundExceptons, the same way they would if they tried using Collections on an old VM without the Collections there. The Custom Class Loader even works on older VMs (note it may run somewhat slower on older VMs).
(h) A viable implementation strategyType specific instantiations are at Class Load time, when the Custom Class Loader gets asked for a new Class, it then generates it.
The type specific instantiations are never shipped as they never get persisted. If you really wanted to save them all you need to do is save them with the same name (with the $$ and _'s etc), then the class loader would find them instead of generating them. There is little to be gained by doing this and the only reason I can think of for doing such a thing would be if there was some reason why the target VM couldn't use the Custom Class Loader (the Reflection class would still need to be sent as well, but that is nothing special). Basically they are always generated at Runtime unless a Class with the same name already exists in which case it would be used.
The $GENERIC_DESCRIPTOR and $GENERIC_BYTES from the base class along with the new Type name are all that is required to generate the classes at runtime. However many other approaches can achieve the same thing for the generation, and approaches such as NextGen's template approach may be better. As this generation is only done once per class I didn't put much research into this area. The way it currently works is that the $GENERIC_DESCRIPTOR are basically used to verify that a malicious class files is not trying to create a non Type Safe Type, ie new Sample<Object>() when the class definition said class Sample<TypeA extends Button>. The $GENERIC_BYTES basically correspond to the normal bytes of a wrapper class file, except that in the constant pool it has some constants of a new Parametric Constant type that get replaced at class load time. These parametric constants (along with possibly Utf8 and Class constants) are replaced by the Classes at the end of the new type name, a little more complex than that but you probably get the general idea.
These fine implementation details don't affect the approach so much anyway, as they basically come down to class load time performance. Much of the information in the $GENERIC_BYTES could have been worked out by reflection on the base type, however at least for now simply storing the bytes is a lot easier.
Note: I have made a small syntax change to the requested class:
public T(X datum) --> public T<X>(X datum)
class T<X> {
private X datum;
public T<X>(X datum) {
this.datum = datum;
public T<T<X>> box() {
return new T<T<X>>(this);
public String toString() {
return datum.toString();
public static void main(String[] args) {
T<String> t = new T<String>("boo!");
System.out.println(t.box().box());
}would get translated as:
class T {
public static final Class[][] $GENERIC_DESCRIPTOR = {{Object.class}};
public static final byte[] $GENERIC_BYTES = {/*Generic Bytes Go Here*/};
private Object datum;
private static final Field $0 = Reflection.getDeclaredField(T.class, "datum");
private static final Constructor $1 = Reflection.getDeclaredConstructor(T$$C1T.class, new Class[] {T.class});
static void $2(Field _0, Object _1, Object _2) {
Reflection.set(_0, _1, _2);
static Object $3(Constructor _0, Object _1) {
try {
return Reflection.newInstance(_0, new Object[] {_1});
catch (Exception ex) {
throw (RuntimeException)ex;
static String $4(Field _0, Object _1) {
return Reflection.get(_0, _1).toString();
static void $5() {
T$$C16java_lang_String t = new T$$C16java_lang_String("boo!");
System.out.println(t.box().box());
public T(Object datum) {
$2($0, this, datum);
public T$$C1T box() {
return (T$$C1T)$3($1, this);
public String toString() {
return $4($0, this);
public static void main(String[] args) {
$5();
}as the generic bytes aren't very meaningful and by no means a requirement to this approach (NextGen's template method for generation may work just as well), here are the generated classes with some unused code commented out instead:
class T$$C28T$$C22T$$C16java_lang_String {
private T$$C22T$$C16java_lang_String datum;
private static final Field $0 = Reflection.getDeclaredField(T$$C28T$$C22T$$C16java_lang_String.class, "datum");
// private static final Constructor $1 = Reflection.getDeclaredConstructor(T$$C34T$$C28T$$C22T$$C16java_lang_String.class, new Class[] {T$$C28T$$C22T$$C16java_lang_String.class});
public T$$C28T$$C22T$$C16java_lang_String(T$$C22T$$C16java_lang_String datum) {
T.$2($0, this, datum);
// public T$$C34T$$C28T$$C22T$$C16java_lang_String box() {
// return (T$$C34T$$C28T$$C22T$$C16java_lang_String)T.$3($1, this);
public String toString() {
return T.$4($0, this);
public static void main(String[] args) {
T.$5();
class T$$C22T$$C16java_lang_String {
private T$$C16java_lang_String datum;
private static final Field $0 = Reflection.getDeclaredField(T$$C22T$$C16java_lang_String.class, "datum");
private static final Constructor $1 = Reflection.getDeclaredConstructor(T$$C28T$$C22T$$C16java_lang_String.class, new Class[] {T$$C22T$$C16java_lang_String.class});
public T$$C22T$$C16java_lang_String(T$$C16java_lang_String datum) {
T.$2($0, this, datum);
public T$$C28T$$C22T$$C16java_lang_String box() {
return (T$$C28T$$C22T$$C16java_lang_String)T.$3($1, this);
public String toString() {
return T.$4($0, this);
public static void main(String[] args) {
T.$5();
class T$$C1T {
private T datum;
private static final Field $0 = Reflection.getDeclaredField(T$$C1T.class, "datum");
// private static final Constructor $1 = Reflection.getDeclaredConstructor(T$$C6T$$C1T.class, new Class[] {T$$C1T.class});
public T$$C1T(T datum) {
T.$2($0, this, datum);
// public T$$C6T$$C1T box() {
// return (T$$C6T$$C1T)T.$3($1, this);
public String toString() {
return T.$4($0, this);
public static void main(String[] args) {
T.$5();
class T$$C16java_lang_String {
private String datum;
private static final Field $0 = Reflection.getDeclaredField(T$$C16java_lang_String.class, "datum");
private static final Constructor $1 = Reflection.getDeclaredConstructor(T$$C22T$$C16java_lang_String.class, new Class[] {T$$C16java_lang_String.class});
public T$$C16java_lang_String(String datum) {
T.$2($0, this, datum);
public T$$C22T$$C16java_lang_String box() {
return (T$$C22T$$C16java_lang_String)T.$3($1, this);
public String toString() {
return T.$4($0, this);
public static void main(String[] args) {
T.$5();
}the methods from the Reflection class used in these answers not given in my initial description are:
public static final Object newInstance(Constructor aConstructor, Object[] anArgsArray) throws Exception {
try {
return aConstructor.newInstance(anArgsArray);
catch (InvocationTargetException ex) {
Throwable cause = ex.getCause();
if (ex instanceof Exception) {
throw (Exception)ex;
throw new Error(ex.getCause());
catch (Exception ex) {
throw new Error(ex);
public static final Constructor getDeclaredConstructor(Class aClass, Class[] aParameterTypesArray) {
try {
Constructor constructor = aClass.getDeclaredConstructor(aParameterTypesArray);
constructor.setAccessible(true);
return constructor;
catch (Exception ex) {
throw new Error(ex);
} -
HI Team,
while starting the node manager in wls 8.1 and java1.4
we are facing this issue plz help on this immediately.
+ CLASSPATH=/srvrs/bdv/patches/CR210310_81sp4.jar:/usr/java14/lib/tools.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic_sp.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic.jar::/srvrs/bdv/bea
+ export CLASSPATH
+ export PATH
+ set -x
+ [ 5555 != ]
+ [ 142.182.112.123 != ]
+ /usr/java14/bin/java -Xms32m -Xmx32m -Dweblogic.security.SSL.enforceConstraints=off -Djava.security.policy=/srvrs/bdv/bea/weblogic81/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java14 -DListenAddress=142.182.112.123 -DListenPort=5555 weblogic.NodeManager
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <NodeManager: for information on command line options, try "java weblogic.NodeManager -h">
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Starting NodeManager >
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenAddress to 142.182.112.123..>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenPort to 5,555..>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting java home to '/usr/java14'>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Effective values of properties :
ListenAddress=142.182.112.123
ListenPort=5555
ListenerType=secureSocket
SavedLogsDirectory=NodeManagerLogs
NativeVersionEnabled=true
TrustedHosts=nodemanager.hosts
StartTemplate=../../server/lib/unix/nodemanager.sh
ReverseDnsEnabled=false
ScavangerDelaySeconds=180
PIDFileReadRetryCount=0
WeblogicHome=null
bea.home=null
JavaHome=/usr/java14
PropertiesVersion=8.1
>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Saving logs in'NodeManagerLogs'>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading private key and certificate chain from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoIdentity.jks. KeyStore type = jks, Using keystore passphrase = true, Alias = DemoIdentity>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoTrust.jks. KeyStore type = jks, Using keystore passphrase = true>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /usr/java14/jre/lib/security/cacerts. KeyStore type = jks, Using keystore passphrase = false>
SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:52)
at weblogic.nodemanager.internal.SecureSocketListener.run(SecureSocketListener.java:57)
at weblogic.nodemanager.internal.GenericListener.startListener(GenericListener.java:16)
at weblogic.nodemanager.NodeManager.startSecureSocketListener(NodeManager.java:461)
at weblogic.nodemanager.NodeManager.init(NodeManager.java:305)
at weblogic.nodemanager.NodeManager.run(NodeManager.java:511)
at weblogic.NodeManager.main(NodeManager.java:31)
Thanks,
EswarHi,
Did you find a solution to this? We are running into the same issue since upgrading to Weblogic 9.2.3 for WebCT Vista 8.0.4.
Thanks,
Ron -
Java.security.AccessControlException while trying to run the server app
ok, pretty new with java and rmi, so I wanted to run the application from the sun rmi tutorial
http://java.sun.com/docs/books/tutorial/rmi/TOC.html.
It all builds ok, i run the rmiregistry ,but when i try to run the server i get :
java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at java.net.Socket.connect(Socket.java:513)
at java.net.Socket.connect(Socket.java:469)
at java.net.Socket.<init>(Socket.java:366)
at java.net.Socket.<init>(Socket.java:180)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at engine.ComputeEngine.main(ComputeEngine.java:30)
what i noticed is that this output is similar to not running rmiregistry at all, so i guess the problem is with the way i'm running rmiregistry
thx in advanceYou're running the server with a SecurityManager. There's no need to do that at first. Get rid of it. When you have it working, write yourself a .policy file that grants that permission, and any others you discover it needs, and name that as your security policy file, e.g.
java -Djava.security.policy=my.policy -Djava.security.manager mypackage.MyServer ... -
How deploy the EJB in security on the Sun Java System Application Server 9?
I hava deploied a simple Hello EJB Object on PE 9(Sun Java System Application Server Platform Edition 9). I can use this EJB object without user name an password On any client. See the following code section:
public static void main(String[] args) {
try{
Properties props = System.getProperties();
props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.enterprise.naming.SerialInitContextFactory");
props.put(Context.PROVIDER_URL,"iiop://localhost:3700");
Context ctx = new InitialContext(props);
Hello h = (Hello) ctx.lookup("ejb/test/Hello");
System.out.println(h.sayHello());
}catch(Exception e){
e.printStackTrace();
Please tell me how deploy the EJB in security on the Sun Java System Application Server 9? So that, The client must set the user name and password when lookup the ejb object. Like the following:
props.put(Context.SECURITY_PRINCIPAL,"admin")
props.put(Context.SECURITY_CREDENTIALS,"1234");Guys,
I too have the same issue. If anyone has an answer, please let me know.
Is this GlassFish problem? or Prgram issue?
Find below the source code
package TransactionSecurity.bean;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
@Stateless
@Remote(TSCalculator.class)
@DeclareRoles({"student", "teacher"})
public class TSCalculatorBean implements TSCalculator {
private @Resource SessionContext ctx;
@PermitAll
// @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public int add(int x, int y) {
System.out.println("CalculatorBean.add Caller Principal:" + ctx.getCallerPrincipal().getName());
return x + y;
@RolesAllowed( { "student" })
public int subtract(int x, int y) {
System.out.println("CalculatorBean.subtract Caller Principal:" + ctx.getCallerPrincipal().getName());
System.out.println("CalculatorBean.subtract isCallerInRole:" + ctx.isCallerInRole("student"));
return x - y;
@RolesAllowed( { "teacher" })
public int divide(int x, int y) {
System.out.println("CalculatorBean.divide Caller Principal:" + ctx.getCallerPrincipal().getName());
System.out.println("CalculatorBean.divide isCallerInRole:" + ctx.isCallerInRole("teacher"));
return x / y;
package TransactionSecurity.bean;
import javax.ejb.Remote;
@Remote
public interface TSCalculator {
public int add(int x, int y);
public int subtract(int x, int y);
public int divide(int x, int y);
package TransactionSecurity.client;
import java.util.Properties;
import javax.ejb.EJBAccessException;
import javax.naming.Context;
import javax.naming.InitialContext;
import TransactionSecurity.bean.TSCalculator;
public class TSCalculatorClient {
public static void main(String[] args) throws Exception {
// Establish the proxy with an incorrect security identity
Properties env = new Properties();
env.setProperty(Context.SECURITY_PRINCIPAL, "kabir");
env.setProperty(Context.SECURITY_CREDENTIALS, "validpassword");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,"com.sun.appserv.naming.S1ASCtxFactory");
env.setProperty(Context.PROVIDER_URL,"iiop://127.0.0.1:3700");
env.setProperty("java.naming.factory.initial","com.sun.enterprise.naming.SerialInitContextFactory");
env.setProperty("java.naming.factory.url.pkgs","com.sun.enterprise.naming");
env.setProperty("java.naming.factory.state","com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
env.setProperty("org.omg.CORBA.ORBInitialHost", "127.0.0.1");
env.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
InitialContext ctx = new InitialContext(env);
TSCalculator calculator = null;
try {
calculator = (TSCalculator) ctx.lookup(TSCalculator.class.getName());
} catch (Exception e) {
System.out.println ("Error in Lookup");
e.printStackTrace();
System.exit(1);
System.out.println("Kabir is a student.");
System.out.println("Kabir types in the wrong password");
try {
System.out.println("1 + 1 = " + calculator.add(1, 1));
} catch (EJBAccessException ex) {
System.out.println("Saw expected SecurityException: "
+ ex.getMessage());
System.out.println("Kabir types in correct password.");
System.out.println("Kabir does unchecked addition.");
// Re-establish the proxy with the correct security identity
env.setProperty(Context.SECURITY_CREDENTIALS, "validpassword");
ctx = new InitialContext(env);
calculator = (TSCalculator) ctx.lookup(TSCalculator.class.getName());
System.out.println("1 + 1 = " + calculator.add(1, 1));
System.out.println("Kabir is not a teacher so he cannot do division");
try {
calculator.divide(16, 4);
} catch (javax.ejb.EJBAccessException ex) {
System.out.println(ex.getMessage());
System.out.println("Students are allowed to do subtraction");
System.out.println("1 - 1 = " + calculator.subtract(1, 1));
}The user kabir is created in the server and this user belongs to the group student.
Also, I have enabled the "Default Principal To Role Mapping"
BTW, I'm able to run other EJB3 examples [that does'nt involve any
security features] without any problems.
Below is the ERROR
Error in Lookupjavax.naming.NamingException: ejb ref resolution error for remote business interfaceTransactionSecurity.bean.TSCalculator [Root exception is java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:407)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:429)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:627)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:530)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:406)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:224)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)
----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No]
at com.sun.ejb.EJBUtils.lookupRemote30BusinessObject(EJBUtils.java:425)
at com.sun.ejb.containers.RemoteBusinessObjectFactory.getObjectInstance(RemoteBusinessObjectFactory.java:74)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:403)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at TransactionSecurity.client.TSCalculatorClient.main(TSCalculatorClient.java:35)
Caused by: java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:407)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:429)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:627)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:530)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:406)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:224)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)
----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No
at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:277)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:205)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:152)
at com.sun.corba.ee.impl.presentation.rmi.bcel.BCELStubBase.invoke(BCELStubBase.java:225)
at com.sun.ejb.codegen._GenericEJBHome_Generated_DynamicStub.create(com/sun/ejb/codegen/_GenericEJBHome_Generated_DynamicStub.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.ejb.EJBUtils.lookupRemote30BusinessObject(EJBUtils.java:372)
... 5 more
Caused by: org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:407)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:429)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:627)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:530)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:406)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:224)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)
----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.getSystemException(MessageBase.java:913)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(ReplyMessage_1_2.java:131)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(CorbaMessageMediatorImpl.java:685)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(CorbaClientRequestDispatcherImpl.java:472)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:363)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:219)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:192)
... 13 moreAny help is appreciated.
Regards!
Nithi.
Edited by: EJB3 on Aug 17, 2008 8:17 PM -
The loading of OPSS java security policy provider failed due to exception
Hi,
The issue is execution of startWebLogic.cmd failed,once shutting down the system and restarting it.At first time,after the installation ,it worked and I was able to log in to web logic server.I also created boot.properties file with user name and password for web logic server in user_projects/domains/UCM_domain/server/admin server/security folder.
The operating system is windows xp, with 32 bit,oracle web logic version 11g, and UCM version 11.1.1.4.0.
the error log is:
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:847)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:808)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based farm keystore failed.
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:351)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:101)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:73)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:63)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:798)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
####<Aug 10, 2011 4:18:13 PM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293797> <BEA-000365> <Server state changed to FAILED>
####<Aug 10, 2011 4:18:13 PM IST> <Error> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293797> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Aug 10, 2011 4:18:13 PM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293812> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Aug 10, 2011 4:18:13 PM IST> <Info> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293828> <BEA-000236> <Stopping execute threads.>Thanks René van Wijk for the reply.
I tried the action u replied for my question, but the same error again continued.iam unable to login in admin server.
The main error is **Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider**
** at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)**
the message in the error log is
<BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:847)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:808)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based farm keystore failed.
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:351)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:101)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:73)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:63)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:798)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
####<Aug 11, 2011 11:09:57 AM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000365> <Server state changed to FAILED>
####<Aug 11, 2011 11:09:57 AM IST> <Error> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Aug 11, 2011 11:09:57 AM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Aug 11, 2011 11:09:57 AM IST> <Info> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197218> <BEA-000236> <Stopping execute threads.> -
There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?
Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
Web content - Enable Java
- Enable JavaScript -
The role of java.security.acl in Java 2 security
I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
Thanks much,
Alex KarasuluI see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
Thanks,
Alex
Maybe you are looking for
-
Borderless printing with Adobe reader or acrobat and HP Officejet Pro 8100
Hello, When printing borderless with my Pro 8100 the printed pdf moves about 2mm to te left on the paper. (White vertical strip on the right side is the result and on the left side something is missing!). What causes the problem seems to be that the
-
Differece b/w dataelement and domain
hi every body when creating table after giving the column name we can mention the direct type or specify the data element. in data element we mention data types and other properties, similarlay in dataelemens we can also specify the domain. my questi
-
Livecycle ES 8.2 Compatability
Does Livecycle ES 8.2 works on Windows vista 64-bit Home premium? or Does it work on Windows XP SP2?
-
Scan to Network Folder not working on OS X Yosemite
I've tried about a million combinations to scan to my network folder on OS X Yosemite from my Color OfficeJet Pro MFP M476dw, but no success. Strangely, I can initiate a scan from my Mac and it works just fine. I just can't set it up to scan to a n
-
Aperture 3: Losing quality when exporting to jpg
I'm downloading raw (nef) images to my hard drive from a Nikon D7000 then importing into Aperture 3. I make changes mostly with Enhance within Aperture 3 and using the Color Efex Pro 4 plug-in. Looks great in Aperture and if I export using any of the