Permissions on Postx Jar for CRES
Hi,
When I try to read an incoming secure message (CRES Registered Envelope) using a browser, I get the following error regarding missing permissions on a Postx jar:
If I continue to run, I get the following second message. I cannot decrypted the message locally on my desktop.
I installed Java and the CRES toolkit (can't remember the exact name) some time ago as I was prompted to do so on my first attempt to read a registered envelope.
Any idea how to recover from this? Is there a newer version of the toolkit for CRES/PostX that may solve this problem?
Thanks.
Hi David,
Thanks for your response. Here are some more detail:
I saved the attachment on disk and then tried opening it with couple of browsers (Firefox and Chrome), all with same result. I'd rather not use the Online option as that is against our policy (i.e. sending the encrypted envelop to Cisco for decryption). But I turned on full debug/trace and a complete report is attached. In a nutshell:
- The following jar seems to be causing the problem:
http://applet.postx.com/dist/EnvelopeTools51.jar
- Per trace messages, the Jar is built for Java 1.6.0.31 which I don;t have on my system. I'm running
1.7.0_45. The warnings indicate missing permission manifest attribute and potential problems with newer versions of Java
Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624
Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624
Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384829604624
- And finllay, a NullPointerExceptopn occurs at:
com.postx.client.Tools.genBaseDir(Tools.java:2075)
I wonder why others don't see the same issue? Is it just the matter of folks upgrading to the newer Java environments to get the same error or somthing in my environment is can cause the exception?
I tried lowering the security level for applets from Java console to Medium (from High), I got an additional prompt asking me if I would run the applet with an older Java environment on my system (1.6.0.45), but it didn't help. Had the same result.
Any help is appreciated.
John
PS - oops! just noticed I cannot attach a file on reply. So I append the trace file below
=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\john
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to
cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@ba074a
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@1a80fb8
basic: Plugin2ClassLoader.addURL parent called for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
security: Blacklist revocation check is enabled
security: blacklist: Reconstruct cache
security: blacklist: created: NEED_CREATE, lastModified: 1384828211442
security: blacklist: hasBeenModifiedSince 1384827946764 (we have 1384828211442)
cache: Trying to update in place C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-4ce570b3.idx
cache: Upgrade writing to disk for C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-4ce570b3
security: blacklist: check contains 3037+iVeU8fGjcXsuZLW/Iv5Ey0=, state now NEED_CREATE
security: blacklist: check raw C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic, false
security: blacklist: check raw C:\Program Files (x86)\Java\jre7\lib\security\blacklist, false
security: blacklist: check raw C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklist, false
security: blacklist: save cache to C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
security: Trusted libraries list check is enabled
security: Trusted libraries list file not found
cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}
cache: Upgrade of entry done
cache: readIndexFile returning success
network: Remove cache entry: http://applet.postx.com/dist/EnvelopeTools51.jar?1384827885778
network: Cache entry not found [url: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677, version: null]
network: Connecting http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 with proxy=DIRECT
network: Connecting http://applet.postx.com:80/ with proxy=DIRECT
network: CleanupThread used 49324 us
network: CleanupThread used 2 us
network: Downloading resource: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Content-Length: 162,928
Content-Encoding: null
network: Wrote URL http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 to File C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-331fcc0a-temp
security: blacklist: check contains 3037+iVeU8fGjcXsuZLW/Iv5Ey0=, state now IN_MEMORY
security: blacklist: not found in cache
security: Trusted libraries list file not found
cache: Create from verifier: JarSigningData{hasOnlySignedEntries=true, hasSingleCodeSource=true, hasMissingSignedEntries=false}
network: CleanupThread used 1 us
cache: Adding MemoryCache entry: http://applet.postx.com/dist/EnvelopeTools51.jar
security: blacklist: hasBeenModifiedSince 1384828213748 (we have 1384828211442)
network: Cache entry found [url: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
cache: Read manifest for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677: read=89 full=2225
cache: Loading full manifest for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677cache: Reading Signers from 5516 http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 | C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\73851b8f-331fcc0a.idx
cache: Done readSigners(http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677)
security: Trust for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 has ended: Wed Dec 31 19:00:00 EST 1969
security: Accessing keys and certificate in Mozilla user profile: null
Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
security: Loading Deployment certificates from C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Loading blacklisted.certs file: C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: 24A257718B2EDA924A30EC15806F46E277735B6F53C551EA2DEC224D154FD171
security: SHA-256Certificate finger print: AF840CA2B9DFB776BF81AA94C401BC440C52E5C590C43607A13D6680D83E3349
security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51
security: SHA-256Certificate finger print: 3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: The OCSP support is enabled
security: The CRL support is enabled
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Cache entry found [url: http://crl.thawte.com/ThawtePremiumServerCA.crl, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: http://crl.thawte.com/ThawtePremiumServerCA.crl
cache: Resource http://crl.thawte.com/ThawtePremiumServerCA.crl has expired.
network: Connecting http://crl.thawte.com/ThawtePremiumServerCA.crl with proxy=DIRECT
network: Connecting http://crl.thawte.com:80/ with proxy=DIRECT
network: ResponseCode for http://crl.thawte.com/ThawtePremiumServerCA.crl : 304
network: Encoding for http://crl.thawte.com/ThawtePremiumServerCA.crl : null
network: Disconnect connection to http://crl.thawte.com/ThawtePremiumServerCA.crl
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
network: Connecting http://ocsp.thawte.com:80/ with proxy=DIRECT
security: OCSP Response: GOOD
security: Certificate validation succeeded using OCSP/CRL
basic: Dialog type is not candidate for embedding
security: User has granted the privileges to the code for this session only
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
security: Grant socket perm for http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 : java.security.Permissions@1f3cb0e (
("java.net.SocketPermission" "applet.postx.com" "connect,accept,resolve")
security: Trust for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677 has ended: Wed Dec 31 19:00:00 EST 1969
Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
security: Validate the certificate chain using CertPath API
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: SHA-256Certificate finger print: 24A257718B2EDA924A30EC15806F46E277735B6F53C551EA2DEC224D154FD171
security: SHA-256Certificate finger print: AF840CA2B9DFB776BF81AA94C401BC440C52E5C590C43607A13D6680D83E3349
security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51
security: SHA-256Certificate finger print: 3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9
Missing Application-Name: manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Permissions manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
Missing Codebase manifest attribute for: http://applet.postx.com/dist/EnvelopeTools51.jar?1384828210677
security: Validate the certificate chain using CertPath API
security: SSV validation:
running: 1.7.0_45
requested: 1.6.0.31
range: null
javaVersionParam: null
Rule Set version: null
network: Created version ID: 1.7.0.45
network: Created version ID: 1.6.0.31
security: Ask user to use: 1.6.0.31
network: Created version ID: 1.7.0.45+
network: Created version ID: 1.6.0.31
network: Created version ID: 1.6.0.31
network: Created version ID: 1.6.0.65
network: Created version ID: 1.7.0.45
network: Created version ID: 1.7
network: Created version ID: 2.2.45
basic: Applet loaded.
basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 175756 us, pluginInit dt 10604238 us, TotalTime: 10779994 us
2013-11-18 21:30:21.676: Ident: $Id: EnvelopeTools.java,v 1.17 2011/04/05 21:18:39 blm Exp $
2013-11-18 21:30:21.677: build: 57
2013-11-18 21:30:21.677: build time: Wed Apr 06 02:37:22 EDT 2011
2013-11-18 21:30:21.710: Raw document.URL: file:///C:/Users/john/Downloads/securedoc_20131110T081336.html
2013-11-18 21:30:21.714: documentBase: null
2013-11-18 21:30:21.714: documentURL: file:///C:/Users/john/Downloads/securedoc_20131110T081336.html
2013-11-18 21:30:21.714: documentCharset: UTF-8
2013-11-18 21:30:21.714: codeBase: http://applet.postx.com/dist/
2013-11-18 21:30:21.714: appletName: EnvelopeTools51
2013-11-18 21:30:21.714: Ident: $Id: Tools.java,v 1.4 2011/04/06 02:49:34 blm Exp $
2013-11-18 21:30:21.714: Java: Oracle Corporation 1.7.0_45
2013-11-18 21:30:21.714: OS: Windows 8 6.2
2013-11-18 21:30:21.714: userAgent: mozilla/5.0 (windows nt 6.2; wow64; rv:25.0) gecko/20100101 firefox/25.0
2013-11-18 21:30:21.714: sunJava: true
2013-11-18 21:30:21.714: inIE: false
2013-11-18 21:30:21.714: OSMacOSX: false
2013-11-18 21:30:21.714: OSVista: true
2013-11-18 21:30:21.714: haveMSSecurity: false
2013-11-18 21:30:21.714: Free memory: 7904920
2013-11-18 21:30:21.715: Total memory: 16252928
java.lang.NullPointerException
at com.postx.client.Tools.genBaseDir(Tools.java:2075)
network: Created version ID: 1.7.0.45
network: Created version ID: 1.7.0.45
at com.postx.client.Tools.run(Tools.java:394)
at com.postx.client.EnvelopeTools.init(EnvelopeTools.java:73)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.NullPointerException
network: Created version ID: 1.7.0.45
network: Created version ID: 1.7.0.45
basic: Dialog type is not candidate for embedding
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@1a80fb8
security: Reset deny session certificate store
Similar Messages
-
Permissions to external Jar for reading-writing on a file
hi all,
I explain my situation.
I ' ve made an open source project similar to plpdf using jasper report libraries and others.
My project, which works perfectly in a java jre, have some problems in Oracle Aurora jvm.
I use the Reflection technique to load the classes from their libraries.
For this i use this class :
{color:#993300}<strong>import java.io.File;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
* @author g.veltro
public class Utility {
public final static ClassLoader sysloader = ClassLoader.getSystemClassLoader();
public static Object createIstance (Class classe,Object [] parameters,Class [] parametersClasses) throws InstantiationException, IllegalAccessException, NoSuchMethodException, IllegalArgumentException, InvocationTargetException{
Constructor cons = classe.getConstructor(parametersClasses);
return cons.newInstance(parameters);
public static Object executeMethod(Object obj,Class objClass,String methodName,Object [] parameters,Class [] parametersClasses) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException {
Method method = objClass.getDeclaredMethod(methodName,parametersClasses);
method.setAccessible(true);
return method.invoke(obj, parameters);
public static void addJarLibrary(String s) throws MalformedURLException, IOException{ <br /><br />addJarLibrary(new File(s)); <br /><br />}
public static void addJarLibrary(File f) throws MalformedURLException, IOException{ <br /><br />addJarLibrary(f.toURI().toURL()); <br /><br />}
public static void addJarLibrary(URL url) throws IOException{
URLClassLoader urlsysloader = null;
urlsysloader = (URLClassLoader) sysloader;
try { <br /><br />executeMethod(urlsysloader,URLClassLoader.class,"addURL",new Object[]url,new Class[]{URL.class});
} catch (Throwable t) { <br /><br />t.printStackTrace(); <br /><br />throw new IOException("Error, could not add "+url.getPath()+" to system classloader");<br /><br />}
public static void addJarLibraries(String libDir) throws IOException {
File directory = null;
directory = new File(libDir);
if(directory.isDirectory()){
JarFilter filter = new JarFilter();
File[] jarLibraries = directory.listFiles(filter);
for(int i=0;i<jarLibraries.length;i++){ <br /><br />addJarLibrary(jarLibraries</strong>{color}<em>{color:#993300}<strong>);
} else { <br /><br />throw new IOException(libDir+" is not a Directory !"); <br /><br />}
</strong>{color}
I gave all the permissions as dba to allow java to access files, etc. etc
{color:#993300}<strong>Begin
dbms_java.grant_permission( 'NEOGEO', 'SYS:java.lang.RuntimePermission', 'accessDeclaredMembers', '' );
dbms_java.grant_permission( 'NEOGEO', 'SYS:java.lang.reflect.ReflectPermission', 'suppressAccessChecks', '' );
end;
</strong>{color}
Then when I try to call a class library that attempts to access a file residing in the file-system i recive an exception.
This is an example of code that call a class and execute one methods.
{color:#993300}<strong>public static Object compileJrxml(String path_file_jrxml) throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException {
Object jReport = null;
Object jCompileManager = null;
Class jcmClass = null;
Object [] params = {path_file_jrxml};
Class [] paramsClasses = {String.class};
jcmClass = Class.forName("net.sf.jasperreports.engine.JasperCompileManager",true,org.Reflection.Utility.sysloader);
jCompileManager = jcmClass.newInstance();
// compilazione del report
jReport = Utility.executeMethod(jCompileManager,jcmClass,"compileReport",params,paramsClasses);
return jReport;
</strong>{color}
this is the exception :
{color:#993300}<strong>java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
at java.lang.reflect.Method.invoke(Method.java)
at org.Reflection.Utility.executeMethod(Utility.java)
at org.EngineReport.ReportControl.compileJrxml(ReportControl.java:44)
at org.EngineReport.ReportOracle.getReportByte(ReportOracle.java:130)
at org.EngineReport.ReportOracle.ReportAsBlob(ReportOracle.java:69)
at org.EngineReport.ReportOracle.ReportAsBlob(ReportOracle.java:49)
Caused by: java.security.AccessControlException: the Permission (java.io.FilePermission /home/neogeo/Java_Resources.jrxml read) has not been granted to ProtectionDomain (file:/home/neogeo/lib/jasperreports-3.0.0.jar <no signer certificates>)
AppClassLoader: file:/home/neogeo/lib/xml-apis.jar file:/home/neogeo/lib/jpa.jar file:/home/neogeo/lib/jdt-compiler-3.1.1.jar file:/home/neogeo/lib/png-encoder-1.5.jar file:/home/neogeo/lib/ant-1.5.1.jar file:/home/neogeo/lib/jaxen-1.1.1.jar file:/home/neogeo/lib/mondrian-2.3.2.8944.jar file:/home/neogeo/lib/commons-javaflow-20060411.jar file:/home/neogeo/lib/batik-bridge.jar file:/home/neogeo/lib/antlr-2.7.5.jar file:/home/neogeo/lib/batik-parser.jar file:/home/neogeo/lib/hibernate3.jar file:/home/neogeo/lib/batik-ext.jar file:/home/neogeo/lib/commons-logging-1.0.2.jar file:/home/neogeo/lib/jasperreports-3.0.0.jar file:/home/neogeo/lib/batik-svggen.jar file:/home/neogeo/lib/batik-xml.jar file:/home/neogeo/lib/xml-apis-ext.jar file:/home/neogeo/lib/batik-dom.jar file:/home/neogeo/lib/jakarta-bcel-20050813.jar file:/home/neogeo/lib/servlet.jar file:/home/neogeo/lib/hsqldb-1.7.1.jar file:/home/neogeo/lib/batik-gvt.jar file:/home/neogeo/lib/batik-svg-dom.jar file:/home/neogeo/lib/jxl-2.6.jar file:/home/neogeo/lib/groovy-all-1.5.5.jar file:/home/neogeo/lib/xercesImpl.jar file:/home/neogeo/lib/batik-awt-util.jar file:/home/neogeo/lib/bsh-2.0b4.jar file:/home/neogeo/lib/commons-digester-1.7.jar file:/home/neogeo/lib/batik-css.jar file:/home/neogeo/lib/commons-logging-api-1.0.2.jar file:/home/neogeo/lib/jfreechart-1.0.0.jar file:/home/neogeo/lib/itext-1.3.1.jar file:/home/neogeo/lib/poi-3.0.1-FINAL-20070705.jar file:/home/neogeo/lib/batik-util.jar file:/home/neogeo/lib/commons-beanutils-1.7.jar file:/home/neogeo/lib/jcommon-1.0.0.jar file:/home/neogeo/lib/saaj-api-1.3.jar file:/home/neogeo/lib/batik-script.jar file:/home/neogeo/lib/xalan.jar file:/home/neogeo/lib/batik-anim.jar file:/home/neogeo/lib/commons-collections-2.1.jar
<no principals>
java.security.Permissions@1aebb385 (
(java.io.FilePermission /home/neogeo/lib/jasperreports-3.0.0.jar read)
(java.util.PropertyPermission user.language write)
(java.util.PropertyPermission * read)
(java.lang.RuntimePermission modifyThreadGroup)
(java.lang.RuntimePermission createSecurityManager)
(java.lang.RuntimePermission modifyThread)
(java.lang.RuntimePermission preferences)
(java.lang.RuntimePermission exitVM)
(oracle.aurora.security.JServerPermission LoadClassInPackage.*)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java)
at java.security.AccessController.checkPermission(AccessController.java)
at java.lang.SecurityManager.checkPermission(SecurityManager.java)
at oracle.aurora.rdbms.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java)
at java.lang.SecurityManager.checkRead(SecurityManager.java)
at java.io.FileInputStream.<init>(FileInputStream.java)
at net.sf.jasperreports.engine.xml.JRXmlLoader.load(JRXmlLoader.java:167)
at net.sf.jasperreports.engine.xml.JRXmlLoader.load(JRXmlLoader.java:152)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:150)
... 9 more
</strong>{color}
The problem i think is that i have to give the permission for input and output on files to an external jar-library .
I don't know how i can resolve this problem ....
Do you have any suggestions? </em>Hi,
the problem with grant_permission is, that this can be done for a schema or a role - not for a ProtectionDomain as you need.
Some on this forum claim that it is possible to control the SecurityManager by the java.policy file in OH/javavm/lib/security. You should try to put something like this in this file (create it if it doesn’t exist)
grant codeBase "file:/<your codebase>" {
permission java.security.<your privilege>;
Unfortunately this doesn't worked for me in 11.1.0.6.0.
What you could try if you don't find other solution is to extend or write your own (not recommended) SecurityManager.
see http://download.oracle.com/docs/cd/B28359_01/java.111/b31225/chten.htm#BABJBJGE
To simple see if your application runs without security you can try the NullSecurityManager.
see http://java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/SecurityManager/help.html
compile and load the class in your schema and activate it with
System.setSecurityManager(new NullSecurityManager());
This is for sure not a solution for a productive system.
HTH
Jaromir D.B. Nemec -
Beehive Conferencing Java-based Client Error: Cannot grant permissions to unsigned jars
Hi,
When I start a Beehive online web conference via the Java-based client on Ubuntu 12.04, I get the following error:
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application.
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:778)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:552)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:889)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:289)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:209)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:323)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:770)
... 2 more
Caused by:
net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:289)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:209)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:323)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:770)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:552)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:889)
Thanks for your helpWe have an HTTP/HTTPS conflict when downloading the JavaFX client that we have not yet been able to resolve without breaking something else :-)
We recommend you use the downloadable client - available from the https://beehiveonline.oracle.com/bcentral/action?page=downloadlanding&appId=Oracle+Beehive+Conferencing+Bootstrap%7Cwind… -
Deployment Issues, Different Jars for Diff Java in one application.
HI,
I need to put classpath (Jars) for my WEB-INF/classes. Different Jars for Diff files in one application.
The problem is , for one ofmy application, the lib files are x.jar and y.jar , x is older than y but have same
lib files. in x and y, there is one class , r.java , which have a method method1(). whey they are doing modifications in y.jar , the r.java has changed to new vertion, the method method1() they re-written the body.
My application have 5 java files, in which 2 files uses r.java imported from the x.jar earlier.
Now we need to use y.jar because , the y.jar have more files added with good futures. But the earlier 2 files are giving exception if i use y.jar.
I need solution for this. how can i put classpath for the 2 files to use the x.jar and other files to use y.jar in the same application.
I am using a Tomcat 4 server. only Servlets, JSPs I am using.
Thank you,
KiranI may be missing something here, is y.jar a newer version of x.jar? And if it is do you need x.jar at all? Are there classes in x.jar that do not exist in y.jar? Can you modify your application to provide the same functionality and only use y.jar?
-
How to use two different ojdbc14.jar for two web application.
Hi,
I have two web application running in same tomcat, I need to use the two different ojdbc14.jar for two application, now both are taking the jars from tomcat common/lib directory, I tried copying the new ojdbc14.jar in web-inf/lib folder of one application, but it is not working.
Could you please let me know whether this will take the jar from tomcat by befault or from web-inf, and a solution how to proceed with this.
Thanks in advance.Yes, I tried removing the jars from common/lib, but as the connection string is mentioned inside the server.xml it is showing db connection error while trying to connect to the database
-
Including External JARs for Java Application in OC4J
Hi Experts,
Here is my requirement.
I have developed my Java application using Tomcat Server & Eclipse. In my application I have used some External JARs & imported the classes in my JSP.
Now that I'm using OC4J Server instead of Tomcat I'v no clue as to where I have copy these External JARs for my application to work.
I have installed OBIEE-Client which includes OC4J server. The path where I have placed my application is as below
*"C:\OracleBI\oc4j_bi\j2ee\home\default-web-app"*
If I run my application the server does not import the classes in the JSP which we include using Import statement using JSP tags (*ex* - <%@ page import = "org.apache.commons.fileupload.*"%>).
This is the location which I found, where I need to put my Java-J2EE application. This OC4J_BI comes with OBIEE.
Kindly help me out on where to place these External JARs exact location in OC4J.
Also let me know if I have to alter any configuration/xml file (if so pls specify the file name & its location).
Thanks in advance,
VenkyYou can either include the external libraries in the application, by placing them into WEB-INF/lib, or you can import them into the server as "shared libraries", normally you'd use the "enterprise manager" application to do this. Having loaded a shared library you then add it to the classpath when you're deploying the application.
-
Where is the jar for me to import?
import javax.servlet.http.*; <--- showing error
import kr.pe.okjsp.util.*;
import com.oreilly.servlet.MultipartRequest;
public class WriteServlet extends HttpServlet { <--- showing error
long long time ago, there was
server.jar
but in java 5.0, where is the jar for me to import?
It would be really appreciated. Do I have to download j2ee for this?
My memory is fuzzy...
Thanks -Yes, it is part of EE not SE. Or you can get it/them from your application server's lib dir (which may or may not be a better choice).
-
Signing a trusted jar for use with forms
I have not found sufficient documentation on how to sign a new jar for use in conjunction with forms.
I have read the descriptions in the getCLientInfo bean.
This doesn't cover the whole subject.
What must be done in Jinitiator? for instance.
Can someone direct me to a more exhaustive source of information?
I've done everything I can think of and /or discover and I'm still getting Security exceptions.
MickAdrienk wrote:
is the a tutorial on how to open a .jar file and use it with in eclipse by keeping the same file structure?Is your shift key broken, or are you just too lazy to apply once at the start of each sentence?
In any case, for Eclipse problems, see [http://www.google.com/#q=eclipse+forum]. -
SSL Cert used to sign Jars for distribution via WebStart
Hi,
I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
Certificate chain not found for: myalias myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
xxx.cabundle (this can be imported into keytool easily)
cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
private/xxx.key
My questions I suppose are:
1. Can I use a cert issued for SSL to sign jars for webstart distribution?
2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
Any help would be appreciated!
RichHi,
yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
Sent from Cisco Technical Support Android App -
Adf bc jar for base entity classes and extending them existing project
Hi,
I am using jdev 11.1.1.0 and have created a base workspace/project and adf jar for my base entity classes.
1. I can consume this base adf bc jar in a separate new consuming workspace and create VO based on base bc classes or create new EOs that extend base bc entity classes.
2. Furthermore, for an existing consuming project that earlier included src/ of base entity (BC components), i can remove the dependency on bc source and bring in this new adf jar and everything including the view controller and the service/datacontrol works fine.
The issue i am running into is as follows.
- In the existing project (#2) above i try to create a couple of entities based on entities in my base jar; associations are automatically brought in. Note i am not overriding any attributes. My intent here is to generate .java and implement some code.
- I then try to make my existing VOs based on the newly extended entity (VO overview->Entity Objects-> Shuttle NewEntity from Available to Selected)
- I then try to remove the old EO from selected under VO overview->Entity Objects->Shuttle OldEntity from Selected back
- I get a warning dialog box that says something to the effect that some viewlinks are dependent on these old EOs in this consuming project.
- I tried to laboriously analyzed dependencies and it this dialog box does not make any sense as I have already extended EOs and the tooling should be able to let me use these
My questions
- Why I am not able to remove old entities from VO dependencies
- Is it ok to leave the old EOs in "Selected" along with the newly extended EO ? What are the implications for this?
- I also thought about extending base associations, but did not go anywhere.
In general, I am ok with consuming an ADF BC jar that has entities etc. but not clear about removing dependencies of base EOs on VOs when entities are extended and consumed in a pre-existing project that used base entities.
I can send a project if any PM is willing to take a look at it.
Thanks,
ps:
I have already gone over the following info
http://technology.amis.nl/blog/215/organization-of-bc4j-domain-eo-and-business-vo-package
.. wants to create an enterprise data model in BC4J, reflecting the Enterprise Data Model set up in the RDBMS. All (or at least most) business rules will be implemented in the Middle Tier – to take the load of the database and also allow developers not comfortable with PL/SQL to define and maintain the business rules. It is clear that this means that all applications that need to access – and manipulate – the database, need to go through the BC4J foundation layer. Martijn wants to define the Entity Objects – and their business rules – only once and share that definition between different projects. Each projects can create its own ViewObjects on top of these shared Enterprise Entity Objects.
http://radio-weblogs.com/0118231/2005/09/29.html
I am currently working on a project for a partner where we will be using ADF BC as our model layer for a large application. In order to keep the footprint of each application module down to a reasonable size, we are intending to create a number of separate 'root' application modules for each functional area of the application. Within, these 'root' application modules we will then use nested application modules to further partition the application. All of the application modules will be accessing the same datasource and will need access to the same database objects.
In order to separate our code between the development team and into function areas, our initial thoughts were that we would create an ADF BC model project containing Entity Objects for all of the database tables e.t.c. as these are common amongst all functional areas. We have configured all of the EOs for validation rules, defaulting values and extending doDML() as appropriate. Happy at this stage we then created a simple .jar file to deploy all of the definitions. Upon creating a new ADF BC project for each functional area we added the jar file as a library import into the new project. However when we the tried to create some new View Objects via the JDev Wizard we were unable to see the imported Entity Objects.
Is the only way to share Entity Object definitions between different ADF BC projects to manually copy the source definition files into the new projects src directory? Since this would mean multiple copies of the same components, it could prove to be a maintenance nightmare.Is there a way of doing it without creating multiple copies of the same object definitions?
The developer is spot on in their ideas of layering and reuse, and even has created a library for their reusable entities. This last step is not something everyone thinks to do. The missing step is known as "importing" components, so with that one extra bit of knowledge under his belt, he should be able to do exactly what he envisions. My little article called Difference Between Adding and Importing Business Components tries to explain the difference and gives the menu options to choose to perform the importing.
Difference between adding and importing BC4J
http://radio-weblogs.com/0118231/stories/2005/08/11/differenceBetweenAddingAndImportingBusinessComponents.html
Working with Libraries of Reusable Business Components
http://download.oracle.com/docs/cd/B32110_01/web.1013/b25947/bcadvgen.htm#CHEFECGDHi,
since you followed the OC4J developer guide I think this question might be better handled there as well
OC4J
So in case you don't get an answer here on the forum, try it on the OC4J forum
Frank -
having problem w 3rd party software ., there tech advsed me to repair permissions before reinstalling software . However , querrie says repairing permissions is not good for system . whats up ,, help !!!
I've fixed the problem - I think.
I forgot I had the program "Little Snitch" installed on my computer. So I went into it and saw that it was blocking most of my connections for all the programs I use on a daily basis. Once I lifted the RULE to those certain programs - BAM - everything came back to life in an instant! -
SimpleCallbackHandler no longer in weblogic.jar for WebLogic 10.3g
I was using the weblogic.security.SimpleCallbackHandler in WebLogic 9.2 to authenticate users. I looked at the documentation for 10.3g and it still mentions this class is available, however it is not in the weblogic.jar file nor in the javadocs. Here is the URL where I was looking. http://e-docs.bea.com/wls/docs103/security/thin_client.html#wp1035574.
The only CallbackHandler in the 10.3g release seems to be the weblogic.security.URLCallbackHandler class. I tried replacing the SimpleCallbackHandler with this class. When I put the weblogic.jar in my classpath and build, I get the following error.
class file for weblogic.security.acl.internal.AuthenticatedSubject not found
ServletAuthentication.runAs(mySubject, request);
Indeed, this class is not in the weblogic.jar file. Both SimpleCallbackHandler and AuthenticatedSubject were in the weblogic.jar for WebLogic 9.2
<code>
import javax.security.auth.Subject;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.services.Authentication;
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
LoginForm loginForm = (LoginForm) form;
Subject subject = Authentication.login(new SimpleCallbackHandler(loginForm.getUsername(), loginForm.getPassword().getBytes()));
weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
<./code>
Why were these removed and not deprecated???SimpleCallbackHandler does not exist in weblogic.jar. Used the following code to get around this. WebLogic documentation offers this as an alternative to using SimpleCallbackHandler.
Subject subject = Authentication.login(new URLCallbackHandler(uid, pwd));
weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
This code agrees with the snippet provided in WebLogic documentation
Project does not compile with the following error:
Project: C:\apps\11g\PrismMainApp\ViewController\ViewController.jpr
C:\apps\11g\PrismMainApp\ViewController\src\adr\prismmain\view\managed\PrismLogin.java
Error(70,28): cannot access weblogic.security.acl.internal.AuthenticatedSubject -
[J2ME Polish] How to generate jad/jar for all devices?
Hello,
I've developed a J2ME Polish application using Netbeans 6.1 as IDE.
Now I'd like to generate the corresponding jad/jar for all the existing devices. How can I do that?
Furthermore, as soon as I'll have generated all these jar/jad, I'd like to put them all in a Web directory in order to make each device able to download the jad/jar corresponding to its configuration. How can I switch a given device towards the appropriate jad/jar in this Web directory?
Help me please, I'm really confused!
Thanks you in advance.
/arkienouEven though JDK1.4 is not officially shipping the
Java Plugin 1.4 documents on Security are fairly
good. Check out :
http://java.sun.com:80/j2se/1.4/docs/guide/plugin/developer_guide/contents.html
http://java.sun.com:80/j2se/1.4/docs/guide/plugin/developer_guide/rsa_how.html
regards,
atsSun
Sun Microsystems -
Has anyone tried to secure a jar for packaging it up and shipping it off to
a customer to avoid decompilation of the classes? For example, WinZip offers
a password protection for a zip file, using the Zip 2.0 standard, which is
not very secure.
To BEA, do you know of a way of securing jars, but still having them read by
WL at run time?
Thanks,
Evan Child
[email protected]AFAIK this is impossible in Java. There are various tools such as obfuscators, and you can even encrypt the .class files if you supply a decrypting class loader, but at some point the byte codes have to appear in memory and from there they can be decompiled.
-
Small weblogic.jar for jms/j2ee clients of weblogic
We are trying to create a smaller footprint for the ~38M weblogic.jar for distribution
to our client applications to use the JMS and J2EE features of Weblogic 7.0sp2.
I attempted to use the whitepaper document distributed by BEA for creating a smaller
jar file, but it did not work. Has anyone else in the user community successfully
created the jar file and if so could they give me some insight on how they did
it.
Thanks,
Ashish
Hi Ashish,
I've personally used the "URL" class loader option with success,
and I know that several customers have also used this option, as
well as the other options for years. Feel free to
post more detail than "it did not work", and I may be able
to help you out.
Tom, BEA
P.S. If 8.1 is an option, you may with to consider using the
thin client jars it supplies.
Ashish Bisarya wrote:
> We are trying to create a smaller footprint for the ~38M weblogic.jar for distribution
> to our client applications to use the JMS and J2EE features of Weblogic 7.0sp2.
> I attempted to use the whitepaper document distributed by BEA for creating a smaller
> jar file, but it did not work. Has anyone else in the user community successfully
> created the jar file and if so could they give me some insight on how they did
> it.
>
> Thanks,
> Ashish
Maybe you are looking for
-
Dear Experts, For country grouping 24 we have GOSI(Insurance). wagetype /370 for GOSI applicable earnings /320 - EE contribution /321- EMP contribution . Percentage of /321 is 10 of /370 and /321 is 12 of /370. As per the standard it is calculating
-
MDX to fetch record from 1st of current month to 5th of next month and same for previous year
In my date dimension I have a attribute CalendarDate. I do have a hierarchy [Date].[Year].[Quarter].[Month].[CalendarDate] as well. I need to fetch data starting from 1st working day of current month to 5th working day of next month by MDX. I do have
-
Reconcile Delivary Balances - Aging Report
Hi, How to reconcile the Delivary Balances..which is showing in Aging Report even the A/R invoices amounts are reconciled. Thanks Srini
-
Moving between open windows and cursor doesn't work
I have several open windows from several programs. If I click on window 1 in program A, and then click on window 2 in program B, I expect the mac to switch to that window in program B. But many times lately, in Tiger, that does not happen. I can clic
-
Hi I have a problem i've seem to forgotten the answer to my security questions
I need help ??