Security class requires java.security file???
What is the use of java.security file? Which
classes refer this file while creating the instance?
Can we create a class file that will refer this security
file?
When the java program loads security class it needs java.security class?
In what type situation security class look into java.security file???
Pls help me
regards,
namanc
Open the java.security file up in notepad or something.
Similar Messages
-
Calling functions of the inner class in .java code file
Hello,
I created a .java code file in Visual J#.Net and converted it into
the application by adding the "public static void main(String args[])"
function.
I have created the two classes one extends from Applet, and the other
extends from Frame. The class which I inherited from the Frame class becomes
the inner class of the class extended from the Applet. Now How do I
call the functions of the class extended from Frame class - MenuBarFrame
class. the outline code is
public class menu_show extends Applet
------init , paint action function---------
public class MenuBarFrame extends Frame
paint,action function for Menu
public static void main(String args[])
applet class instance is created
instance of frame is created
Menu , MenuBar, MenuItem instance is created
and all these objects added
I have Created MenuBarFrame class instance as
Object x= new menu_show().new MenuBarFrame
????? How to call the functions such as action of MenuBarFrame class - what
should be its parameters??????
}Here's how I would do it:
interface Operation {
public int op(int y);
class X {
private int x;
public X(int x) {
this.x = x;
private class Y implements Operation {
public int op(int y) {
return x+y;
public Operation createOperation() {
return new Y();
public static void main(String[] args) {
X app = new X(17);
Operation f = app.createOperation();
System.out.println(f.op(-11));
}Your code, however, has some serious "issues". You typically don't
instantiate an applet class -- that's the job of the applet viewer or Java plugin
your browser is using. If you instantiate the applet directly, you're going
to have to supply it an AppletStub. Do you really want to go that way?
Again, use an applet viewer or browser, or better yet, why write applets at all? -
JCE requires: java.lang.RuntimePermission requires accessClassInPackage.sun.security.provider
I'm trying to use the JCE with JWS1.0.2. All I want to do is generate a KeyPair and I can NOT use a signed application. The code is:
public static KeyPair genDHKeyPair() throws Exception {
// properties...
DHParameterSpec dhSkipParamSpec;
dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
keyPairGenerator.initialize(dhSkipParamSpec);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair;
I'm using JDK1.4. This code works fine outside of JWS.
If I call this code I get an exception that states I need the stated RuntimePermission. IMHO this is a bug because I should be able to make use of simple standard extension methods like this. Is getting an instance of a KeyPairGenerator and generating a key pair a security risk?
The fix for this should be a simple addition to the security policy for JWS which gives SUN javax.crypto code access to the appropriate RuntimePermission.
Can anyone think of a reason why NOT to do this?
Thank you.
BTW, here's the Exception you would get if you tried this:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.provider)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:262)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at com.wss.calendar.client.swing.Main.main(Main.java:47)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.javaws.Launcher.executeApplication(Launcher.java:739)
at com.sun.javaws.Launcher.executeMainClass(Launcher.java:701)
at com.sun.javaws.Launcher.continueLaunch(Launcher.java:584)
at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:328)
at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:166)
at com.sun.javaws.Launcher.run(Launcher.java:134)
at java.lang.Thread.run(Thread.java:536)hi there,
Please I have the same problem in an applet that uses DSA with the following call:
pkey = (PublicKey) new DSAPublicKey(server_pub_key);
The Exception i am having on the console is
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.provider)
Note that I am NOT using JCE and that both netscape and IE browsers gave this error
Can somebody help me please?
Thanks in advance,
JPDib -
Error in weblogic7.0 :java.security.NoSuchAlgorithmException:
Hi All
thanks in advance.
i am facing a peculiar problem while using SunJce provider
i have some classes to encrypt& decrypt some information using
DeffieHellman protocol.
Problem 1
while i am running those classes in command prompts
some time it gives me correct results where as other time during decryption i am unable to get the plaintext (i am getting some junk character),where as some time it gives me Badpadding exception
I am using JDK1.3 which comes with weblogic and jce1.2.2
for classpath and path setting
set path=D:\bea\jdk131_03\bin
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
Problem 2
While i am using those classes in servlet and jsp which are deployed in weblogic 7
Some time i am getting correct results
but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import com.sun.crypto.provider.SunJCE;
public class DiffieHellmanKeyGeneRation {
PublicKey alicePubKey=null;
PublicKey bobPubKey=null;
KeyAgreement aliceKeyAgree =null;
KeyAgreement bobKeyAgree =null;
* DiffieHellmanKeyGeneRation() constructor -Set the mode and call run method to generate Keypairs
* and assigns it to the instance variables .
* @param nil
* @returns nil
public DiffieHellmanKeyGeneRation(){
try {
String mode = "GENERATE_DH_PARAMS";
run(mode);
} catch (Exception e) {
System.err.println("Error: " + e);
System.exit(1);
* getAlicePubKey() -Return the Instance Variable alicePubKey
* @param nil
* @returns PublicKey
public PublicKey getAlicePubKey()
return alicePubKey;
* getBobPubKey() -Return the Instance Variable bobPubKey
* @param nil
* @returns PublicKey
public PublicKey getBobPubKey()
return bobPubKey;
* getAliceKeyAgree() -Return the Instance Variable aliceKeyAgree
* @param nil
* @returns KeyAgreement
public KeyAgreement getAliceKeyAgree()
return aliceKeyAgree;
* getBobKeyAgree() -Return the Instance Variable bobKeyAgree
* @param nil
* @returns KeyAgreement
public KeyAgreement getBobKeyAgree()
return bobKeyAgree;
*run() method -Generate Algorithm instance,KeySpec,and keypair
* and assigns it to the instance variables .
* @param String
* @returns nil
private void run(String mode) throws Exception {
DHParameterSpec dhSkipParamSpec=null;
// System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
AlgorithmParameterGenerator paramGen=AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(512);
AlgorithmParameters params = paramGen.generateParameters();
dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
* Alice creates her own DH key pair, using the DH parameters from
* above
// System.out.println("ALICE: Generate DH keypair ...");
KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
// Alice creates and initializes her DH KeyAgreement object
// System.out.println("ALICE: Initialization ...");
aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKpair.getPrivate());
// Alice encodes her public key, and sends it over to Bob.
byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
* Let's turn over to Bob. Bob has received Alice's public key
* in encoded format.
* He instantiates a DH public key from the encoded key material.
KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
* Bob gets the DH parameters associated with Alice's public key.
* He must use the same parameters when he generates his own key
* pair.
DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
// Bob creates his own DH key pair
// System.out.println("BOB: Generate DH keypair ...");
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamSpec);
KeyPair bobKpair = bobKpairGen.generateKeyPair();
// Bob creates and initializes his DH KeyAgreement object
// System.out.println("BOB: Initialization ...");
bobKeyAgree = KeyAgreement.getInstance("DH");
bobKeyAgree.init(bobKpair.getPrivate());
// Bob encodes his public key, and sends it over to Alice.
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
* Alice uses Bob's public key for the first (and only) phase
* of her version of the DH
* protocol.
* Before she can do so, she has to instanticate a DH public key
* from Bob's encoded key material.
KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
2)
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import sun.misc.*;
import com.sun.crypto.provider.SunJCE;
public class DHEncryptDecrypt {
PublicKey alicePubKey=null;
PublicKey bobPubKey=null;
KeyAgreement aliceKeyAgree =null;
KeyAgreement bobKeyAgree =null;
SecretKey bobDesKey = null;
SecretKey aliceDesKey =null;
* DHEncryptDecrypt constructor -it intancetiate DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variables .
* @param nil
* @returns nil
public DHEncryptDecrypt()
try{
init();
}catch(Exception e){e.printStackTrace();}
* init() -it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
* and assigns it to the instance variable ds.
* @param nil
* @returns nil
private void init() throws Exception
System.out.println("Initialising...");
DiffieHellmanKeyGeneRation dhPubKey=new DiffieHellmanKeyGeneRation();
alicePubKey=dhPubKey.getAlicePubKey();
bobPubKey=dhPubKey.getBobPubKey();
aliceKeyAgree=dhPubKey.getAliceKeyAgree();
bobKeyAgree=dhPubKey.getBobKeyAgree();
//System.out.println("ALICE: Execute PHASE1 ...");
aliceKeyAgree.doPhase(bobPubKey, true);
* Bob uses Alice's public key for the first (and only) phase
* of his version of the DH
* protocol.
// System.out.println("BOB: Execute PHASE1 ...");
bobKeyAgree.doPhase(alicePubKey, true);
* At this stage, both Alice and Bob have completed the DH key
* agreement protocol.
* Both generate the (same) shared secret.
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
int aliceLen = aliceSharedSecret.length;
byte[] bobSharedSecret = new byte[aliceLen];
int bobLen;
/* try {
// show example of what happens if you
// provide an output buffer that is too short
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
} catch (ShortBufferException e) {
System.out.println(e.getMessage());
// provide output buffer of required size
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Shared secrets differ");
//System.out.println("Shared secrets are the same");
// System.out.println("Return shared secret as SecretKey object ...");
// Bob
// Note: The call to bobKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
bobKeyAgree.doPhase(alicePubKey, true);
bobDesKey = bobKeyAgree.generateSecret("DES");
// Alice
// Note: The call to aliceKeyAgree.generateSecret above reset the key
// agreement object, so we call doPhase again prior to another
// generateSecret call
aliceKeyAgree.doPhase(bobPubKey, true);
aliceDesKey = aliceKeyAgree.generateSecret("DES");
* encrypt() - Alice encrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
public String encrypt(String ClearText) throws Exception
String CipherText=null;
try{
// byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
byte[] cleartext = ClearText.getBytes();
//System.out.println("cleartext Array:"+ cleartext.size);
byte[] ciphertext = aliceCipher.doFinal(cleartext);
// BASE64Encoder b64e = new BASE64Encoder();
//CipherText = b64e.encode(ciphertext);
CipherText = new String(ciphertext);
}catch(Exception e){e.printStackTrace();}
return CipherText;
* encrypt() - Bob Decrypts, using DES in ECB mode
* and assigns it to the instance variable ds.
* @param String
* @returns String
public String decrypt(String CipherText) throws Exception
String Recovered=null;
try{
// byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
// System.out.println("Length of String is:"+CipherText.length());
Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
byte[] CipherTextBytes=CipherText.getBytes();
byte[] recovered = bobCipher.doFinal(CipherTextBytes);
Recovered=new String(recovered);
// System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
}catch(Exception e){e.printStackTrace();}
return Recovered;
and i am using following logic to encrypt and decrypt
String MyPlainText ="sm_user=residential&csol_account=383784";
//String MyPlainText ="This is my message";
System.out.println("\nPlain Text:="+MyPlainText+"\n\n");
try{
DHEncryptDecrypt ed=new DHEncryptDecrypt();
String CipherText=(ed.encrypt(MyPlainText));
BASE64Encoder b64e = new BASE64Encoder();
String CipherText1 = b64e.encode(CipherText.getBytes());
System.out.println("\n\nUserInfo="+CipherText1);
String DecryptedMessage=ed.decrypt(CipherText);
System.out.println("\n\nDecrypedMessage=:"+DecryptedMessage);
}catch(Exception e){e.printStackTrace();}
and my java.security file in D:\ bea\jdk131_03\jre\lib\security
is changed to add the provider as
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
security.provider.3=com.sun.rsajca.Provider
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
policy.provider=sun.security.provider.PolicyFile
Pls help me to resolve the magic shown by these classes.....some time right and some time worng
mainly i need help in
Badpadding Exception and NosuchAlogorithm exception in weblogic
Thanks
And regards
Aratireplace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
this should at least fix your "Badpadding exception" problem (it did fix it for me). -
Implementing a secure class loader..
Hello,
We have a custom class loader which loads in custom packages from the database or from the file system. We want to ensure that these custom classes do not read or write into the file system. I want to restrict access to these classes when creating them. I read that by setting the proper permissions when defining the class, this could be possible. Here is my implementation of the class loader :
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;
public class TestClassLoader extends SecureClassLoader {
JarParser jp;
public TestClassLoader(JarParser jp) {
super();
this.jp = jp;
public Class findClass(final String name) throws ClassNotFoundException {
try {
return(Class)
AccessController.doPrivileged (
new PrivilegedExceptionAction() {
public Object run() throws ClassNotFoundException {
byte[] buf = null;
try {
if(jp == null)
throw new ClassNotFoundException("Jar file not found");
String className = name.replace( '.', '/' ) + ".class";
buf = jp.getResource(className);
if(buf == null || buf.length == 0)
throw new ClassNotFoundException("Class not found");
CodeSource cs = getCodeSource(name);
return defineClass(name, buf, 0, buf.length, cs);
catch(Exception e) {
throw new ClassNotFoundException(name, e);
catch(Exception e) {
throw new ClassNotFoundException(name, e);
* @param name
protected CodeSource getCodeSource(String name) {
try {
return new CodeSource(new URL("file", "localhost", name), null);
catch(Exception e){
e.printStackTrace();
return null;
protected PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection pc = new Permissions();
pc.add(new RuntimePermission("exitVM"));
pc.add(new FilePermission("${user.home}${/}*", "read"));
pc.add(new FilePermission("${user.dir}${/}*", "read"));
pc.add(new SocketPermission("localhost", "resolve"));
return pc;
public static void main(String[] args) {
try {
byte[] bytes = new byte[8192];
long ttlBytesRead = 0;
int noOfBytesToRead = 0;
File readFile = new File("test.jar");
// "length" here indicates the total no of bytes to read.
// This is equal to the file size sans the offset value.
long length = readFile.length();
Long temp;
FileInputStream readFis = null;
// Create the RandomAccessFile
try{
readFis = new FileInputStream(readFile);
catch(Exception e) {
throw new IOException(e.getMessage());
long tempLong;
StringBuffer buffer = new StringBuffer();
do {
if ((length - ttlBytesRead) > 8192)
tempLong = 8192;
else
tempLong = (length - ttlBytesRead);
temp = new Long((length - ttlBytesRead) > 8192 ? 8192 : (length - ttlBytesRead));
noOfBytesToRead = temp.intValue();
if(noOfBytesToRead == 0)
break;
// Read the specified no of bytes into the byte
// array from the file.
try {
readFis.read(bytes,0,noOfBytesToRead);
catch(Exception e1) {
throw new IOException(e1.getMessage());
String str = new String(bytes, 0, noOfBytesToRead);
buffer.append(str);
ttlBytesRead += noOfBytesToRead;
} while(ttlBytesRead < length);
try {
readFis.close();
catch(Exception e1) {}
JarParser jp = new JarParser("test.jar", buffer.toString().getBytes());
TestClassLoader tcl = new TestClassLoader(jp);
Class class1 = tcl.findClass("com.test.TestFileWrite");
Object obj = class1.newInstance();
catch(Exception e) {
e.printStackTrace();
}JarParser is the class which parses through the jar file and caches the contents as bytes.
The test.jar contains a single class which writes into the user's home directory. As you can see, I have granted only read access on the home dir.
When I run this however, the newly loaded class does manage to write into the file system with no problems. Is there anything further that I need to do to enable restriction on the file system ?
Thanks.If I've been reading correctly, they don't want you
subclassing SecurityManager for security any more.
Everything should be handled by the AccessController
using Permission objects. The easiest way to configure
the AccessController is through policy files.erg. where did you read this? I checked the 1.5.0 beta API just now, and nothing is officially deprecated.
:{ I don't have time to figure out the AccessController API right now.
I have yet to find a good tutorial on the matter of
security and classloaders. If anyone has a good
reference, it would be much appreciated.I second that.
And as a temporary solution (because we're already behind schedule), I went ahead and wrote my own SecurityManager, using the ideas I mentioned above.
I'm posting it at the site below in case anyone can offer any feedback (such as pointing out fatal weaknesses). We tried yesterday for an hour or so to break it, and it withstood all our tests; but security is not our specialty, so there's probably room for improvement.
(I'd post it in this message, but it's a wee bit large.)
www.personal.utulsa.edu/~jeremy-wood/software/ThreadBasedSecurityManager.java
(And if it passes your scrutiny and looks useful, feel free to use it. But note the disclaimers.) -
See my error java.security.AccessControlException: access denied how change
hi master
sir wrote connection class that run and give me right result
but when i call data from applet then
java give me error
java.security.AccessControlException: access denied (java.util.PropertyPermission oracle.jserver.version read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
=======
sir i serch in net i got some idea
i. change java.policy
and put this code
grant codeBase "http://ib-s01/-" {
permission java.security.AllPermission;
sir please give me idea i serch java.policy in my system that show many java.policy file
sir which file i use and where i put
this code
grant codeBase "http://ib-s01/-" {
permission java.security.AllPermission;
second idea got from net change the java.security
2. change java.security
and put this code
policy.url.1=file:${java.home}/lib/security/java.policy
sir please give me idea i serch java.policy in my system that show many java.security file
sir which file i use and where i put
this code
policy.url.1=file:${java.home}/lib/security/java.policy
please give me idea how i chang my java.policy and java.security file
thank you
aamirAmir,
You have to make your applet a signed applet.
Please search the Internet to find out how to do this.
Good Luck,
Avi. -
Java.security.AccessControlException: access denied (oracle.security.jazn.J
Hi All.
I am calling the getIdentityStoreFactory() method in the IdentityStoreFactoryBuilder class and I am getting the following error:
oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
Any ideas what is going on and any possible fixes?
thanks
jamesI will move it to the OC4j and J2ee forum.
Thanks for bring it to my attention.
Message was edited by:
user480263 -
The role of java.security.acl in Java 2 security
I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
Thanks much,
Alex KarasuluI see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
Thanks,
Alex -
MII Workbench and java security Issue for jdk7
Hello all,
I am using MII version 12.2.2 Build(234) and java version jdk7.
Now,I am not able to open or create a transaction in workbench.
In java console, an error is shown below:
AWT-EventQueue-0 [ERROR] - java.lang.ExceptionInInitializerError
at com.sap.lhcommon.expressioneval.ExpressionLoader.<clinit>(ExpressionLoader.java:282)
at com.sap.xmii.bls.expressioneval.TransactionFunctions.<clinit>(TransactionFunctions.java:27)
at com.sap.xmii.xacute.editors.common.FunctionsComboBox.createBox(FunctionsComboBox.java:45)
at com.sap.xmii.xacute.editors.common.FunctionsComboBox.<init>(FunctionsComboBox.java:39)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.createExpressionEditorPanel(LinkEditorPanel.java:1033)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.initialize(LinkEditorPanel.java:316)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.<init>(LinkEditorPanel.java:198)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorBottomPanel.<clinit>(LinkEditorBottomPanel.java:28)
at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.initDisplay(TransactionInfo.java:353)
at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.createNewFile(TransactionInfo.java:149)
at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction.createFileInfoObject(NewAction.java:194)
at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction$1.construct(NewAction.java:115)
at com.sap.lhcommon.gui.ThreadCreator$2.run(ThreadCreator.java:96)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.action")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass0(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sap.lhcommon.expressioneval.functions.DecodeFunction.<clinit>(DecodeFunction.java:83)
... 14 more
I also modified the 'java.policy' file. But it did not work. I am still getting the same error.
Kindly advise..
Thanks,
Ritwika.I do not yet know the security implications of doing what I did to fix this issue, but here is my solution.
I added the following to the jre7 java.policy file in the section "grant {":
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action"; -
Cannot start OC4J instance after specifying default java.security.manager
Hi All,
I am using OracleiAS 10.1.3.4 and trying to make use of the new User and Role APIs introduced in 10.1.3.1.
While trying to get an object of IdentityStore using the following code, I got this error -
java.security.PrivilegedActionException: oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
oidFactory = (IdentityStoreFactory) AccessController.doPrivileged(
new PrivilegedExceptionAction()
public Object run() throws IMException
IdentityStoreFactoryBuilder builder =
new IdentityStoreFactoryBuilder();
return builder.getIdentityStoreFactory();
I then tried specifying the default security manager in start JAVA options for my oc4j instance - Djava.security.manager. I also verified that my java policy file is present under $ORACLE_HOME/j2ee/oc4j_soa/config/java2.policy. But the issue is - once I put this default secirity manager in startup options in opmn.xml, the oc4j instance does not get started, it gives following error -
08/12/30 02:58:22 Start process
Dec 30, 2008 2:58:24 AM com.evermind.server.XMLDataSourcesConfig parseRootNode
INFO: Legacy datasource detected...attempting to convert to new syntax.
08/12/30 02:58:29 WARNING: Application.setConfig Application: default is in failed state as initialization failed.
java.lang.ExceptionInInitializerError
08/12/30 02:58:29 Error initializing server: Application: default is in failed state as initialization failed
08/12/30 02:58:32 Fatal error: server exiting
Any idea ? Any pointers please ?
Thanks,
AnkitAnkit,
Check your syntax for the datasource. If you migrated from file-based to OID, then you should look at this link:
http://download.oracle.com/docs/cd/E12524_01/relnotes.1013/e12523/oc4j.htmThere is a known issue when migrating from file-based to OIM\OID. Navigate to:
12.2 JAZNMigration Tool Does Not Migrate ADFPrincipal Type Correctly
-Michael -
Java.io.File performance and file stat on windows
hi,
i've written an application that needs to find out about a section of a file tree as fast as possible. For each file from a given directory it needs to know things like the files length, lastModified and if its a directory etc..
My problem is that this is a bottleneck - the application is a end-user GUI and so the 20 odd seconds it can take is annoying, even with a progress bar. I'm not sure why its taking so long - i've not done the tests yet but am pretty sure that a native routine would be much faster.
I'm thinking that each call to File.length or File.isDirectory returns to the disk per method invokation to see whats happened. Although this is correct, it would be nicer to able to say something like get me a snapshot of the file (so it collects all the information at the same time) and have an explicit method for updating the snapshot. Does anyone know if this is correct?
thanks,
asjf
http://onesearch.sun.com/search/developers/index.jsp?qt=%2B+%2Bjava.io.File+slow&col=javabugs&category=&state=&query=java.io.File+slowhi,
ShellFolder also seems to work great :)
It seems to have the same performance characteristics as the snapshot code on the network drive, but for local disk drives it seems maybe 10% faster again - why is this not part of the j2se libraries??? maybe JSR203 will provide something equivalent..
thanks again,
asjf
import java.io.*;
import java.lang.reflect.*;
public final class FileTricks {
private static Class cShellFolder, cShellFolderManager;
private static Constructor ctrShellFolderManager;
private static Method mCreateShellFolder;
private static Object sfm;
static {
try {
cShellFolder = Class.forName("sun.awt.shell.ShellFolder");
cShellFolderManager = Class.forName("sun.awt.shell.ShellFolderManager");
ctrShellFolderManager = cShellFolderManager.getDeclaredConstructor(new Class [] {});
ctrShellFolderManager.setAccessible(true);
sfm = ctrShellFolderManager.newInstance(new Object [] {});
mCreateShellFolder = cShellFolderManager.getDeclaredMethod("createShellFolder",new Class [] {File.class});
mCreateShellFolder.setAccessible(true);
} catch(Exception e) {
e.printStackTrace();
cShellFolder = cShellFolderManager = null;
ctrShellFolderManager = null;
mCreateShellFolder = null;
sfm = null;
public static final File attemptReplaceWithShellFolder(File actual) {
File result = actual;
if(cShellFolder != null && !cShellFolder.isInstance(actual)) {
try {
result = (File) mCreateShellFolder.invoke(sfm, (new Object [] {actual}));
System.out.print(".");
} catch(Exception e) {
System.out.print("#");
return result;
public final static class FileSnapshot {
private static Method mGetBooleanAttributes;
private static int BA_DIRECTORY, BA_EXISTS, BA_REGULAR, BA_HIDDEN;
private static Object fs;
public final boolean isDirectory, exists, isRegular, isHidden;
public FileSnapshot(File f) {
boolean e, d, r, h;
try {
int ba = ((Integer)mGetBooleanAttributes.invoke(fs, new Object [] {f})).intValue();
d = (ba & BA_DIRECTORY)!=0;
e = (ba & BA_EXISTS)!=0;
r = (ba & BA_REGULAR)!=0;
h = (ba & BA_HIDDEN)!=0;
} catch(Exception x) {
d = f.isDirectory();
e = d || f.exists();
r = f.isFile();
h = f.isHidden();
isDirectory = d; exists = e; isRegular = r; isHidden = h;
static {
try {
Class cFile = Class.forName("java.io.File");
Class cFileSystem = Class.forName("java.io.FileSystem");
mGetBooleanAttributes = cFileSystem.getDeclaredMethod("getBooleanAttributes", new Class [] {File.class});
Field fBA_EXISTS = cFileSystem.getDeclaredField("BA_EXISTS");
Field fBA_REGULAR = cFileSystem.getDeclaredField("BA_REGULAR");
Field fBA_DIRECTORY = cFileSystem.getDeclaredField("BA_DIRECTORY");
Field fBA_HIDDEN = cFileSystem.getDeclaredField("BA_HIDDEN");
Field fFs = cFile.getDeclaredField("fs");
mGetBooleanAttributes.setAccessible(true);
fFs.setAccessible(true);
fBA_EXISTS.setAccessible(true);
fBA_REGULAR.setAccessible(true);
fBA_DIRECTORY.setAccessible(true);
fBA_HIDDEN.setAccessible(true);
BA_EXISTS = ((Integer)fBA_EXISTS.get(null)).intValue();
BA_REGULAR = ((Integer)fBA_REGULAR.get(null)).intValue();
BA_DIRECTORY = ((Integer)fBA_DIRECTORY.get(null)).intValue();
BA_HIDDEN = ((Integer)fBA_HIDDEN.get(null)).intValue();
fs = fFs.get(null);
} catch(Exception e) {}
} -
Java.rmi.UnmarshalException: Failed to load class com.msl.security.provider
Hi ,
I have the following error while i am stopping a Weblogic instance. Did anyone face a similar issue, please let me know. I see a classnotfound error , but not sure what is that jar file. Is it a application jar or a weblogic one?
Stopping Weblogic Server...
Initializing WebLogic Scripting Tool (WLST) ...
log4j: Trying to find [resources/comdev/default-log4j.properties] using context classloader java.net.URLClassLoader@183f74d.
log4j: Using URL [jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties] for automatic log4j configuration.
log4j: Reading configuration from URL jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties
log4j: Hierarchy threshold set to [ALL].
log4j: Parsing for [root] with value=[INFO, NA].
log4j: Level token is [INFO].
log4j: Category root set to INFO
log4j: Parsing appender named "NA".
log4j: Parsed "NA" options.
log4j: Finished configuring.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://localhost:7009 with userid weblogic ...
This Exception occurred at Sun Apr 10 14:17:03 UTC 2011.
javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested excep
tion is:
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:32)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:673)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
... 48 more
Problem invoking WLST - Traceback (innermost last):
File "/web/10.2/user_projects/domains/dom/shutdown.py", line 1, in ?
File "<iostream>", line 22, in connect
WLSTException: 'Error occured while performing connect : Error getting the initial context. There is no server running at t3://localhost:7009 Use dumpStac
k() to view the full stacktrace'
Thanks a lot for your time.
ManishHi Manish,
It seems that you are using a custom security provider and the weblogic server is not able to find the class / jar file that contains the class.
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
Make sure you have all the required jar files in the server classpath.
You can use the JarScan utility to find the jar that contains the class.
Refer the below link regarding the jarScan.
http://weblogic-wonders.com/weblogic/2011/01/26/finding-jar-files-using-jarscan/
Regards,
Anandraj
http://weblogic-wonders.com -
Java.rmi.UnmarshalException Failed to load class com.msl.security.providers
Hi ,
I have the following error while i am stopping a Weblogic instance. Did anyone face a similar issue, please let me know. I see a classnotfound error , but not sure what is that jar file. Is it a application jar or a weblogic one?
Stopping Weblogic Server...
Initializing WebLogic Scripting Tool (WLST) ...
log4j: Trying to find [resources/comdev/default-log4j.properties] using context classloader java.net.URLClassLoader@183f74d.
log4j: Using URL [jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties] for automatic log4j configuration.
log4j: Reading configuration from URL jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties
log4j: Hierarchy threshold set to [ALL].
log4j: Parsing for [root] with value=[INFO, NA].
log4j: Level token is [INFO].
log4j: Category root set to INFO
log4j: Parsing appender named "NA".
log4j: Parsed "NA" options.
log4j: Finished configuring.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://localhost:7009 with userid weblogic ...
This Exception occurred at Sun Apr 10 14:17:03 UTC 2011.
javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested excep
tion is:
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:32)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:673)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
... 48 more
Problem invoking WLST - Traceback (innermost last):
File "/web/10.2/user_projects/domains/dom/shutdown.py", line 1, in ?
File "<iostream>", line 22, in connect
WLSTException: 'Error occured while performing connect : Error getting the initial context. There is no server running at t3://localhost:7009 Use dumpStac
k() to view the full stacktrace'
Thanks a lot for your time.
ManishHi Manish,
It seems that you are using a custom security provider and the weblogic server is not able to find the class / jar file that contains the class.
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
Make sure you have all the required jar files in the server classpath.
You can use the JarScan utility to find the jar that contains the class.
Refer the below link regarding the jarScan.
http://weblogic-wonders.com/weblogic/2011/01/26/finding-jar-files-using-jarscan/
Regards,
Anandraj
http://weblogic-wonders.com -
Error when applet try to load java.security.spec.PKCS8EncodedKeySpec class
Hi i am writing an applet which grants permissions from the user
.I am using swing components so i use dubuild(from microsfot) to make
a cab file,then i sign it and all goes ok.
Also in my applet i try to read a Key from the user's harddrive in
PKCS8Encoded format but it fails.
I tried to run the same code as an application and all worked fine.
I suspect that somehow i have to include the PKCS8EncodedKeySpec.class
in the cab file.I have put it inside the cab file(together with all the swing components classes and mine too) but i still get NoClassDefFoundError:java.security.spec.PKCS8EncodedKeySpec
that means it can load the specific class that my applet has been previously compiled with.
i would appreciate any suggestion,help
Yours
AndrewThe means that java.security.spec.PKCS8EncodedKeySpec is not in any jar present in the classpath. This class was not in JSE 1.2. It was only introduced in 1.3. Maybe you browser use 1.2 ?
-
Is it possible to override Java.security file
Hi,
Is there some property which we can pass with -D argument to JVM to specify a custom java.security file, similar to the way we can specify a custom policy file using "java -Djava.security.policy".
My actual requirement is to insert a new Provider which I do not want to do by adding add/insertProvider in my code, nor do I want to change the file
Any workarounds??Yes:
java -Djava.security.properties=<url> ...
If you use a double equals (==) then you just get the specified property file. If you use a single equals (=) then it appends to the default property file (overwriting duplicate entries with the values in the specified property file).
Maybe you are looking for
-
Flash Player is Out of Date - issue
When ever I use Google or Facebook or YouTube I am getting the message of "Your Flash Player is Out of Date". I also checked on internet & with that I could find out some way that I needed to check in Library --> Service--> in that i need to have fil
-
How do I change the "home based" computer for my IPOD to a new laptop?
How do I change the "home based" computer for my IPOD to a new laptop? When I plug in y IPOD classic, I get a msg asking me to erase the IPOD. What I'd like to do is make the laptop my "home base" vs. my desktop. I have had no success when using i
-
BusinessObjects XI 3.1 SP3 with tomcat6
Hello How is it possible to install BusinessObjects XI 3.1 SP3 on a windows 2003 64bits platform with tomcat6? Thanks
-
E7 application installation issues
I have difficulties installing new applications to my phone. When using the store, almost all applications cannot be installed, yielding an error. Same problem when installing donwloaded SIS -packages, e.g. languages for the Nokia dictionary. I am ru
-
AppleTV and iTunes without Leaving Computer On All The Time/NAS iTunes Server
I begrudge having to leave my iMac on all the time just so now and again I can play music, pictures and video from it through AppleTV. My iMac is 2 floors up from the AppleTV, and as there is no wake on LAN working (I can't get it to work if there is