Viewing/setting java security properties

I am using a thrid party utility that is calling InetAddress.getLocalHost(). After checking the performance from JProfiler, I observed that this method poor at performance. Javadoc mentions that INetAddress is cached which is controlled by two java security properties: networkaddress.cache.ttl and networkaddress.cache.negative.ttl. How do I view this property value and change it if required?

I have done a little bit of more research in Java forums regarding setting these system properties. It looks like setting them is the only option to be able to connect to a Glassfish AS running on a seperate server, as the driver classes check this property at runtime to determine the host.
So I am basically left with the only choice of finding a convenient way to set these properties properly per communication channel, but unfortunately, I still am not able to find how.
Kind Regards,
S. Gökhan TOPÇ

Similar Messages

Alternative to set "java.security.auth.login.config" ?

In all examples of using JASS, it uses the following way.
System.setProperty("java.security.auth.login.config", fileName)
Is there a way I can specify the policies in code, not in a file? That way I don't have to worry about file permissions.
p.s. Thanks for Seema-1 who anwsered my last question.
Message was edited by:
maqiang9111

Has anyone done the same thing for the java.security.krb5.conf setting? I tried setting it using the same form of URL that I use for java.security.auth.login.config, and I get this error when the kerberos code attempts to use it:
Could not load configuration file jar:file:\C:\dev\workspace\myapp\client-data.jar!\krb5.ini (The filename, directory name, or volume label syntax is incorrect)
The corresponding login context conf file in the same jar loads fine.

How can we set the security properties of adobe

Hi all,
I am developing an interactive form in Adobe lifecycle designer 8 .
The Document properties -> security "signing " is set as not allowed .
Is there a way to change the properties when I am designing the form in ALD ?
Thanks ,
naval bhatt .

Hi all ,
we just need adobe pro you can change the settings in the menu .
Advanced -> change usage rights in Adobe reader

Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help

Thanks for all the posting re. this issue....
I think the way Weblogic implemented "support" for JAAS in 8.1 totally
blows. In fact, when I asked BEA support about this, they basically sent me
an email saying that "Weblogic owns the JAAS configuration" so if you have a
security framework that is application server agnostic, but leverages JAAS
then you are screwed when deploying on Weblogic 8.1.
I looked for a workaround and believe that instead of using an entry in
java.security for your custom configuration class, if you set the JVM
parameter
-Dlogin.configuration.provider=com.foo.SecurityConfiguration
then what happens is that the Weblogic custom class
weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
to load the login module configuration and if that fails, it delegates to
com.foo.SecurityConfiguration. So this should enable both the weblogic
security framework and a custom security framework that are both based on
JAAS
I'm currently testing this out
"Lloyd Fernandes" <[email protected]> wrote in message
news:[email protected]...
>
Robert Greig <[email protected]> wrote:
Lloyd Fernandes wrote:
"Lloyd Fernandes" <[email protected]> wrote:
"Prashant Nayak" <[email protected]> wrote:
We configure a custom implementation of the JAAS
javax.security.auth.login.Configuration class for our applications
security
framework in JRE_LIB/security/java.security using the entry
login.configuration.provider=com.foo.SecurityConfiguration
However, this does not seem get picked up and the configuration
provider
class instead seems to default to
weblogic.security.service.ServerConfiguration
instead.
Has anyone else seen this?
We're using the JDK bundled with Weblogic 8.1
TIA for your help
As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
>>>>
>>>>
The default Configuration implementation can be changed by settingthe
value of
the "login.configuration.provider" security property (in the Java
security
properties
file) to the fully qualified name of the desired Configurationimplementation
class. The Java security properties file is located in the file named
<JAVA_HOME>/lib/security/java.security,
where <JAVA_HOME> refers to the directory where the JDK was installed.
Have you tried to use a startup class to set the configuration providerusing
javax.security.auth.login.setConfiguration(YourConfigClass);
Weblogic probably uses this to set the configuration class to it'sown.
You have to consider whether this is really something you want to do
however. If you want to get WLS to use a custom authenticator use its
SSPIs. You can configure the order etc. in the admin console.
By overriding the configuration you override it for the server as a
whole which can mean for example that you cannot login to the admin
console. Having said this, from memory, I believe that the property is
ignored in WLS. However you can still call
Configuration.setConfiguration if you really want to.
The fact that there is a "global static" in the Configuration class is
a
Bad Thing IMHO, that was never really designed for an app server
environment.
Robert
If it is a bad thing to have a static how come Weblogic uses it instead ofthe
standard way of modifying the property in java security file - it isbecause
weblogic wants it's own way of implementing instead of using using the'plugable
module' architecture of JAAS.
When weblogic advertised that it will support JAAS the impression was thatWeblogic
would provide a login module that will implement the security mechanism itwanted
- instead it went it's own way.
Also consider the following
1. JAAS specifies a mechanism for multiple configurations based on a'application'.
This is not possible in the current 'weblogic security mechanism'
2. Weblogic says it supports JAAS but what it does not tell you is that inorder
to use available login modules you have to write a whole bunch of code tosupport
principal validators and authenticators. (I begin to wonder if write oncedeploy
anywhere is not part of Sun's certification process anymore)

Java System Properties in WL 6

We are Running WL 6 as an NT Service.
Is there a way to set Java System Properties in WL 6 that won't require
deinstalling/re-installing the WL Services everytime????
Thanks
Tom

Why use JNI? That's a little overkill. Just use args[] in main.
public static void main( String args[] ) {
for( int i = 0; i < args.length; i++ ) {
if( args.startsWith("-Duser.name=") ) {
System.out.println( "Well " + args[i].substring("-Duser.name=".length) + " you're not who you say you are!" );
System.exit(-1);

Java.security.acl.NotOwnerException when Administration Port is set

I get the NOE, posted below, when I start some of my managed servers, while other managed servers
start fine. After some scrutiny I discover the differences is that in /console, I've set some of my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What the heck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com!

Ah, I see! The introduction of an "admin server" in 6.0 caused the confusion for me. The
Administration Port is NOT the port number of the admin server!
Gene
"Kumar Allamraju" <[email protected]> wrote in message news:[email protected]...
This is equivalent to weblogic.system.AdministrationPort in 451/510.
In 451/51 if you start WLS server with
java -Dweblogic.system.administrativePort=2000 weblogic.Server
and then executing
D:\releases\510>java weblogic.Admin admin://localhost:2000 VERSION
returns the WLS version.
WebLogic Build: 5.1.0 Service Pack 8 12/20/2000 16:34:54 #95137
Bottom line is, once you set admin port, all admin stuff can be done on admin protocol only.
It appears this is not happening/broken in 6.0 . There's already an engg issue filed on thisproblem.
>
Kumar
Gene Chuang wrote:
I get the NOE, posted below, when I start some of my managed servers, while other managed
servers
start fine. After some scrutiny I discover the differences is that in /console, I've set someof my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What theheck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com!

Solution to: javax.naming.AuthenticationException. Root exception is java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set

Hello world,
To anybody who receives this irritating error in a Java client
application attempting to access Weblogic Server 6.1 (and possibly
weblogic server 6):
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
The cause of your problem is having JAAS explicitly in your classpath.
It somehow messes up authentication to WebLogic. Remove it and your
problem will disappear.
The complete exception was:
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
 at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
 at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
 at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
 at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
 at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
 at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
 at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
 at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
 at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
 at javax.naming.InitialContext.init(InitialContext.java:222)
 at javax.naming.InitialContext.<init>(InitialContext.java:198)
 at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
 at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
 at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
 at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)

Steve Wesemeyer <[email protected]> wrote:
I have encountered the same problem and I do not have JAAS on my classpath
at all (unless it's there by default). Are there any other possible
causes for this?
Cheers,
SteveA note to all who read this thread:
I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
the same problem went away. 1 programmer day down the drain....
Regards,
MG

Setting Java Properties

Hi everybody. I have been looking around, but can't find anywhere where you set Java Properties (the one's you get via System.getProperty() ) in the iAS. Our current application has a lot of these properties, and in order for getting it running on the iAS I must be able to specify Java Properties. Does anybody know where I do this (it's an OC4J mod, not JServ).
Regards, Magnus Edevag
[email protected]

It's easy - in each OC4J container there is a "server" link (down at the left side). In following screen there are three lines (again at the bottom) - last one is called Java properties. It is where you specify startup parameters for JVM. BTW, you can find them in opmn/conf/opmn.xml. Sometimes, if you hit the wrong button you have to go there and edit directly.
Myrra

How can i deal with java.security.AccessControlException?

Hi all, I need to implement JavaMail using Servlet and deploy throught J2EE deployment tool. But when i test out the servlet i will always encounter this exception thrown. How can i solve this?
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
This is the servlet i am testing. Please advise. Thanks in advance!
* @(#)JavaMailServlet.java 1.3 99/12/06
* Copyright 1998, 1999 Sun Microsystems, Inc. All Rights Reserved.
* This software is the proprietary information of Sun Microsystems, Inc.
* Use is subject to license terms.
import java.io.*;
import java.util.*;
import java.text.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;
* This is a servlet that demonstrates the use of JavaMail APIs
* in a 3-tier application. It allows the user to login to an
* IMAP store, list all the messages in the INBOX folder, view
* selected messages, compose and send a message, and logout.
* 
* Please note: This is NOT an example of how to write servlets!
* This is simply to show that JavaMail can be used in a servlet.
* 
* For more information on this servlet, see the
* JavaMailServlet.README.txt file.
* 
* For more information on servlets, see
* * http://java.sun.com/products/java-server/servlets/index.html
* @author Max Spivak
public class JavaMailServlet extends HttpServlet implements SingleThreadModel {
String protocol = "POP3";
String mbox = "INBOX";
* This method handles the "POST" submission from two forms: the
* login form and the message compose form. The login form has the
* following parameters: <code>hostname</code>, <code>username</code>,
* and <code>password</code>. The <code>send</code> parameter denotes
* that the method is processing the compose form submission.
public void doPost(HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
// get the session
 HttpSession ssn = req.getSession(true);
 String send = req.getParameter("send");
String host = req.getParameter("hostname");
String user = req.getParameter("username");
String passwd = req.getParameter("password");
URLName url = new URLName(protocol, host, -1, mbox, user, passwd);
ServletOutputStream out = res.getOutputStream();
 res.setContentType("text/html");
 out.println("<html><body bgcolor=\"#CCCCFF\">");
 if (send != null) {
 // process message sending
 send(req, res, out, ssn);
 } else {
 // initial login
 // create
 MailUserData mud = new MailUserData(url);
 ssn.putValue("javamailservlet", mud);
 try {
 Properties props = System.getProperties();
 System.out.println("url");
 props.put("mail.smtp.host", host);
 Session session = Session.getDefaultInstance(props, null);
 session.setDebug(false);
 Store store = session.getStore(url);
 store.connect();
 Folder folder = store.getDefaultFolder();
 if (folder == null)
 throw new MessagingException("No default folder");
 folder = folder.getFolder(mbox);
 if (folder == null)
 throw new MessagingException("Invalid folder");
 folder.open(Folder.READ_WRITE);
 int totalMessages = folder.getMessageCount();
 Message[] msgs = folder.getMessages();
 FetchProfile fp = new FetchProfile();
 fp.add(FetchProfile.Item.ENVELOPE);
 folder.fetch(msgs, fp);
 // track who logged in
 System.out.println("Login from: " + store.getURLName());
 // save stuff into MUD
 mud.setSession(session);
 mud.setStore(store);
 mud.setFolder(folder);
 // splash
 out.print("<center>");
 out.print("");
 out.println("Welcome to JavaMail!</center>");
 // folder table
 out.println("<table width=\"50%\" border=0 align=center>");
 // folder name column header
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("FolderName</td> ");
 // msg count column header
 out.print("<td width=\"25%\" bgcolor=\"#ffffcc\">");
 out.print("");
 out.println("Messages</td> ");
 out.println("</tr>");
 // folder name
 out.print("<tr><td width=\"75%\" bgcolor=\"#ffffff\">");
 out.print("<a href=\"" + HttpUtils.getRequestURL(req) + "\">" +
 "Inbox" + "</a></td> ");
 // msg count
 out.println("<td width=\"25%\" bgcolor=\"#ffffff\">" +
 totalMessages + "</td>");
 out.println("</tr>");
 out.println("</table");
 } catch (Exception ex) {
 out.println(ex.toString());
 } finally {
 out.println("</body></html>");
 out.close();
* This method handles the GET requests for the client.
public void doGet (HttpServletRequest req, HttpServletResponse res)
 throws ServletException, IOException {
HttpSession ses = req.getSession(false); // before we write to out
ServletOutputStream out = res.getOutputStream();
 MailUserData mud = getMUD(ses);
 if (mud == null) {
 res.setContentType("text/html");
 out.println("<html><body>Please Login (no session)</body></html>");
 out.close();
 return;
 if (!mud.getStore().isConnected()) {
 res.setContentType("text/html");
 out.println("<html><body>Not Connected To Store</body></html>");
 out.close();
 return;
 // mux that takes a GET request, based on parameters figures
 // out what it should do, and routes it to the
 // appropriate method
 // get url parameters
 String msgStr = req.getParameter("message");
String logout = req.getParameter("logout");
 String compose = req.getParameter("compose");
 String part = req.getParameter("part");
 int msgNum = -1;
 int partNum = -1;
 // process url params
 if (msgStr != null) {
 // operate on message "msgStr"
 msgNum = Integer.parseInt(msgStr);
 if (part == null) {
 // display message "msgStr"
res.setContentType("text/html");
 displayMessage(mud, req, out, msgNum);
 } else if (part != null) {
 // display part "part" in message "msgStr"
 partNum = Integer.parseInt(part);
displayPart(mud, msgNum, partNum, out, res);
 } else if (compose != null) {
 // display compose form
 compose(mud, res, out);
} else if (logout != null) {
 // process logout
try {
mud.getFolder().close(false);
mud.getStore().close();
 ses.invalidate();
out.println("<html><body>Logged out OK</body></html>");
} catch (MessagingException mex) {
out.println(mex.toString());
 } else {
 // display headers
 displayHeaders(mud, req, out);
/* main method to display messages */
private void displayMessage(MailUserData mud, HttpServletRequest req,
 ServletOutputStream out, int msgNum)
 throws IOException {
 out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\">");
 out.print("<center>");
 out.println("Message " + (msgNum+1) + " in folder " +
 mud.getStore().getURLName() +
 "/INBOX</center>");
 try {
 Message msg = mud.getFolder().getMessage(msgNum);
 // first, display this message's headers
 displayMessageHeaders(mud, msg, out);
 // and now, handle the content
 Object o = msg.getContent();
 //if (o instanceof String) {
 if (msg.isMimeType("text/plain")) {
 out.println("<pre>");
 out.println((String)o);
 out.println("</pre>");
 //} else if (o instanceof Multipart){
 } else if (msg.isMimeType("multipart/*")) {
 Multipart mp = (Multipart)o;
 int cnt = mp.getCount();
 for (int i = 0; i < cnt; i++) {
 displayPart(mud, msgNum, mp.getBodyPart(i), i, req, out);
 } else {
 out.println(msg.getContentType());
 } catch (MessagingException mex) {
 out.println(mex.toString());
 out.println("</BODY></html>");
 out.close();
* This method displays a message part. <code>text/plain</code>
* content parts are displayed inline. For all other parts,
* a URL is generated and displayed; clicking on the URL
* brings up the part in a separate page.
private void displayPart(MailUserData mud, int msgNum, Part part,
 int partNum, HttpServletRequest req,
 ServletOutputStream out)
 throws IOException {
 if (partNum != 0)
 out.println("<hr>");
try {
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 if (partNum != 0)
 out.println("Attachment Type: " +
 ct.getBaseType() + " ");
 if (ct.match("text/plain")) {
 // display text/plain inline
 out.println("<pre>");
 out.println((String)part.getContent());
 out.println("</pre>");
 } else {
 // generate a url for this part
 String s;
 if ((s = part.getFileName()) != null)
 out.println("Filename: " + s + " ");
 s = null;
 if ((s = part.getDescription()) != null)
 out.println("Description: " + s + " ");
 out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?message=" +
 msgNum + "&part=" +
 partNum + "\">Display Attachment</a>");
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This method gets the stream from for a given msg part and
* pushes it out to the browser with the correct content type.
* Used to display attachments and relies on the browser's
* content handling capabilities.
private void displayPart(MailUserData mud, int msgNum,
 int partNum, ServletOutputStream out,
 HttpServletResponse res)
 throws IOException {
 Part part = null;
try {
 Message msg = mud.getFolder().getMessage(msgNum);
 Multipart mp = (Multipart)msg.getContent();
 part = mp.getBodyPart(partNum);
 String sct = part.getContentType();
 if (sct == null) {
 out.println("invalid part");
 return;
 ContentType ct = new ContentType(sct);
 res.setContentType(ct.getBaseType());
 InputStream is = part.getInputStream();
 int i;
 while ((i = is.read()) != -1)
 out.write(i);
 out.flush();
 out.close();
 } catch (MessagingException mex) {
 out.println(mex.toString());
* This is a utility message that pretty-prints the message
* headers for message that is being displayed.
private void displayMessageHeaders(MailUserData mud, Message msg,
 ServletOutputStream out)
 throws IOException {
 try {
 out.println("Date: " + msg.getSentDate() + " ");
Address[] fr = msg.getFrom();
if (fr != null) {
boolean tf = true;
out.print("From: ");
for (int i = 0; i < fr.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(fr));
tf = false;
out.println(" ");
Address[] to = msg.getRecipients(Message.RecipientType.TO);
if (to != null) {
boolean tf = true;
out.print("To: ");
for (int i = 0; i < to.length; i++) {
out.print(((tf) ? " " : ", ") + getDisplayAddress(to[i]));
tf = false;
out.println(" ");
Address[] cc = msg.getRecipients(Message.RecipientType.CC);
if (cc != null) {
boolean cf = true;
out.print("CC: ");
for (int i = 0; i < cc.length; i++) {
out.print(((cf) ? " " : ", ") + getDisplayAddress(cc[i]));
 cf = false;
out.println(" ");
 out.print("Subject: " +
 ((msg.getSubject() !=null) ? msg.getSubject() : "") +
 " ");
} catch (MessagingException mex) {
 out.println(msg.toString());
* This method displays the URL's for the available commands and the
* INBOX headerlist
private void displayHeaders(MailUserData mud,
 HttpServletRequest req,
ServletOutputStream out)
 throws IOException {
SimpleDateFormat df = new SimpleDateFormat("EE M/d/yy");
out.println("<html>");
out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
 out.println("<BODY bgcolor=\"#ccccff\"><hr>");
 out.print("<center>");
 out.println("Folder " + mud.getStore().getURLName() +
 "/INBOX</center>");
 // URL's for the commands that are available
 out.println("");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?logout=true\">Logout</a>");
out.println("<a href=\"" +
 HttpUtils.getRequestURL(req) +
 "?compose=true\" target=\"compose\">Compose</a>");
 out.println("");
 out.println("<hr>");
 // List headers in a table
out.print("<table cellpadding=1 cellspacing=1 "); // table
 out.println("width=\"100%\" border=1>"); // settings
 // sender column header
 out.println("<tr><td width=\"25%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Sender</td>");
 // date column header
 out.println("<td width=\"15%\" bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Date</td>");
 // subject column header
 out.println("<td bgcolor=\"ffffcc\">");
 out.println("");
 out.println("Subject</td></tr>");
 try {
 Folder f = mud.getFolder();
 int msgCount = f.getMessageCount();
 Message m = null;
 // for each message, show its headers
 for (int i = 1; i <= msgCount; i++) {
m = f.getMessage(i);
 // if message has the DELETED flag set, don't display it
 if (m.isSet(Flags.Flag.DELETED))
 continue;
 // from
out.println("<tr valigh=middle>");
out.print("<td width=\"25%\" bgcolor=\"ffffff\">");
 out.println("" +
 ((m.getFrom() != null) ?
 m.getFrom()[0].toString() :
 "" ) +
 "</td>");
 // date
out.print("<td nowrap width=\"15%\" bgcolor=\"ffffff\">");
 out.println("" +
df.format((m.getSentDate()!=null) ?
 m.getSentDate() : m.getReceivedDate()) +
 "</td>");
 // subject & link
out.print("<td bgcolor=\"ffffff\">");
 out.println("" +
 "<a href=\"" +
 HttpUtils.getRequestURL(req) +
"?message=" +
i + "\">" +
((m.getSubject() != null) ?
 m.getSubject() :
 "No Subject") +
"</a>" +
"</td>");
out.println("</tr>");
 } catch (MessagingException mex) {
 out.println("<tr><td>" + mex.toString() + "</td></tr>");
 mex.printStackTrace();
 out.println("</table>");
 out.println("</BODY></html>");
 out.flush();
 out.close();
* This method handles the request when the user hits the
* Compose link. It send the compose form to the browser.
private void compose(MailUserData mud, HttpServletResponse res,
 ServletOutputStream out)
 throws IOException {
 res.setContentType("text/html");
 out.println(composeForm);
 out.close();
* This method processes the send request from the compose form
private void send(HttpServletRequest req, HttpServletResponse res,
 ServletOutputStream out, HttpSession ssn)
 throws IOException {
String to = req.getParameter("to");
 String cc = req.getParameter("cc");
 String subj = req.getParameter("subject");
 String text = req.getParameter("text");
 try {
 MailUserData mud = getMUD(ssn);
 if (mud == null)
 throw new Exception("trying to send, but not logged in");
 Message msg = new MimeMessage(mud.getSession());
 InternetAddress[] toAddrs = null, ccAddrs = null;
 if (to != null) {
 toAddrs = InternetAddress.parse(to, false);
 msg.setRecipients(Message.RecipientType.TO, toAddrs);
 } else
 throw new MessagingException("No \"To\" address specified");
 if (cc != null) {
 ccAddrs = InternetAddress.parse(cc, false);
 msg.setRecipients(Message.RecipientType.CC, ccAddrs);
 if (subj != null)
 msg.setSubject(subj);
 URLName u = mud.getURLName();
 msg.setFrom(new InternetAddress(u.getUsername() + "@" +
 u.getHost()));
 if (text != null)
 msg.setText(text);
 Transport.send(msg);
 out.println("<h1>Message sent successfully</h1></body></html>");
 out.close();
 } catch (Exception mex) {
 out.println("<h1>Error sending message.</h1>");
 out.println(mex.toString());
 out.println(" </body></html>");
// utility method; returns a string suitable for msg header display
private String getDisplayAddress(Address a) {
String pers = null;
String addr = null;
if (a instanceof InternetAddress &&
((pers = ((InternetAddress)a).getPersonal()) != null)) {
 addr = pers + " "+"<"+((InternetAddress)a).getAddress()+">";
} else
addr = a.toString();
return addr;
// utility method; retrieve the MailUserData
// from the HttpSession and return it
private MailUserData getMUD(HttpSession ses) throws IOException {
 MailUserData mud = null;
 if (ses == null) {
 return null;
 } else {
 if ((mud = (MailUserData)ses.getValue("javamailservlet")) == null){
 return null;
 return mud;
public String getServletInfo() {
return "A mail reader servlet";
* This is the HTML code for the compose form. Another option would
* have been to use a separate html page.
private static String composeForm = "<HTML><HEAD><TITLE>JavaMail Compose</TITLE></HEAD><BODY BGCOLOR=\"#CCCCFF\"><FORM ACTION=\"/servlet/JavaMailServlet\" METHOD=\"POST\"><input type=\"hidden\" name=\"send\" value=\"send\">JavaMail Compose Message<TABLE BORDER=\"0\" WIDTH=\"100%\"><TR><TD WIDTH=\"16%\" HEIGHT=\"22\"> To:</TD><TD WIDTH=\"84%\" HEIGHT=\"22\"><INPUT TYPE=\"TEXT\" NAME=\"to\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">CC:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"cc\" SIZE=\"30\"> (separate addresses with commas)</TD></TR><TR><TD WIDTH=\"16%\">Subject:</TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"subject\" SIZE=\"55\"></TD></TR><TR><TD WIDTH=\"16%\"> </TD><TD WIDTH=\"84%\"><TEXTAREA NAME=\"text\" ROWS=\"15\" COLS=\"53\"></TEXTAREA></TD></TR><TR><TD WIDTH=\"16%\" HEIGHT=\"32\"> </TD><TD WIDTH=\"84%\" HEIGHT=\"32\"><INPUT TYPE=\"SUBMIT\" NAME=\"Send\" VALUE=\"Send\"><INPUT TYPE=\"RESET\" NAME=\"Reset\" VALUE=\"Reset\"></TD></TR></TABLE></FORM></BODY></HTML>";
* This class is used to store session data for each user's session. It
* is stored in the HttpSession.
class MailUserData {
URLName url;
Session session;
Store store;
Folder folder;
public MailUserData(URLName urlname) {
 url = urlname;
public URLName getURLName() {
 return url;
public Session getSession() {
 return session;
public void setSession(Session s) {
 session = s;
public Store getStore() {
 return store;
public void setStore(Store s) {
 store = s;
public Folder getFolder() {
 return folder;
public void setFolder(Folder f) {
 folder = f;

You posted a thousand lines of badly-formatted code and didn't have the sense to say which one had the exception.
My guess is that it was this one:Session session = Session.getDefaultInstance(props, null);because that happened to me. I fixed it by calling getInstance instead of getDefaultInstance.
However if that isn't the problem, how about spending a few seconds to post a less useless question?

Security.properties file issue - Need help

Hi Friend,
I am trying to setup SUN IDM connection pool and getting this error. Can some one help me how to fix this issue.
java.io.FileNotFoundException: C:\Sun\AppServer\config\security.properties (The
system cannot find the file specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:106)
at com.sun.enterprise.util.Utility.getPropertiesFromFile(Utility.java:42
at com.sun.enterprise.iiop.POAEJBORB.<clinit>(POAEJBORB.java:78)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at org.omg.CORBA.ORB.create_impl(ORB.java:295)
at org.omg.CORBA.ORB.init(ORB.java:336)
at com.sun.enterprise.util.ORBManager.createORB(ORBManager.java:138)
at com.sun.enterprise.util.ORBManager.init(ORBManager.java:65)
at com.sun.enterprise.naming.SerialInitContextFactory.<init>(SerialInitC
ontextFactory.java:31)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
orAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
onstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
54)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at com.waveset.util.JdbcUtil.getDataSourceObject(JdbcUtil.java:571)
at com.waveset.repository.RelationalDataStore.setupJdbc(RelationalDataSt
ore.java:3834)
at com.waveset.repository.RelationalDataStore.init(RelationalDataStore.j
ava:3779)
at com.waveset.install.RepoMan.check(RepoMan.java:1194)
at com.waveset.install.RepoMan.setRepo(RepoMan.java:1082)
at com.waveset.install.RepoMan.main(RepoMan.java:1314)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.waveset.util.CommandProcess.invokeMain(CommandProcess.java:212)
at com.waveset.util.CommandProcess.launch(CommandProcess.java:162)

Hi rhayn, I think you're getting confused about what "file sharing" really is used for. You need to say to yourself "do I want someone on another machine to access these files?" If yes, you need file sharing; if no, forget about it.
So, the second user, are they on another machine or are they using the same mac as you?
Just as in windows, when you share a folder over the network, you can set different permissions on the "share" compared to the permissions on the files and folders themselves. In all cases, the most restrictive permissions apply. Therefore if you give read/write to the shared folder (the "share"), but a folder is read only (to the second user), they will be able to view the list of files in that folder, but not open them (equivalent to the windows permission called "list folder contents"). If the folder was read/write, the second user can create files and edit them. If the folder is read/write and existing files are read only, they can open them but not save changes. Where OS X differs from windows is the mechanism for setting permissions; OS X uses the unix/posix permission system. In addition, if you are the owner of the folder or file, you can always do anything with the folder or file.
All of the above paragraph is only information you need to use IF the other user is connecting to your mac from ANOTHER computer across a network.

HELP!!! java.security.AccessControlException: access denied

Please help!
I have the project to use the applet to show the form, this applet is needed to read the file from the server side. when i using the jbuilder to coding, it can work to use the appletviewer to run the program to read the file.
After that i placed the code to the webapp (localhost), when i start up tomcat and use the ie to view the http://localhost:8080/auditForm/AuditForm.html. (this AuditForm.html is embedded the test.class. test.class use to read the file.
but error was occurred.
i am using the File Object to read file
File propertyFile=new File("C:/Tomcat/webapps/XX/WEB-INF/dbconfig.properties");java.security.AccessControlException: access denied (java.io.FilePermission C:\Tomcat\webapps\auditform\test\dbconfig.properties read)
 at java.security.AccessControlContext.checkPermission(Unknown Source)
 at java.security.AccessController.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkRead(Unknown Source)
 at java.io.File.canRead(Unknown Source)
 at DBconfig.<init>(DBconfig.java:31)
 at test.init(test.java:19)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
i am try to set the security policy in jdk, and tomcat, but also cannot work??? is it wrong setting??? how come.
urgent!!!!

Hey guys,
You can access what ever file you want on the originating host i.e. the server.
Im guessing you guys are testing your applet code probably before it takes the form of an applet. It's fundamental to realise that applets are downloaded to the client and excuted in a 'sandbox' by the java-plugin installed in the client browser. Hence using a File instance pointing somewhere on the C:\ drive is totally pointless as you likely won't have permission to access the client's hard drive anyway. More to the point, it is totally wrong; the property files or movies do not reside on the client machine.... and there is no need to confuse matters by talking about signing Jars.
My advice is to read the Applet/JApplet APIs which cleary show how to access 'resources' on the server - no extra permissions are needed so it is not even a security issue. Also, you web application usually can not see outside its context/document base so you will need to put the property file or movies in the same directory (or a visible sub-directory) as the applet code/jar itself.
Hope this info is of some use.
Warm regards.

Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.

I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
deployment.properties entries after addition of my jre entry:
#deployment.properties
#Fri Sep 28 14:09:24 PDT 2012
deployment.javapi.lifecycle.exception=true
deployment.trace=true
deployment.javaws.viewer.bounds=323,144,720,360
deployment.javaws.autodownload=NEVER
deployment.version=6.0
deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
deployment.security.mixcode=HIDE_RUN
deployment.log=true
deployment.console.startup.mode=SHOW
deployment.capture.mime.types=true
#Java Deployment jre's
#Fri Sep 28 14:09:24 PDT 2012
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.product=1.6.0_33
deployment.javaws.jre.0.osarch=x86
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=false
deployment.javaws.jre.0.args=
deployment.javaws.jre.1.enabled=true
deployment.javaws.jre.1.registered=true
deployment.javaws.jre.1.osname=Windows
deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.1.osarch=x86
deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.1.platform=1.6
deployment.javaws.jre.1.product=1.6.0_29
Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.

I'm having a similar problem and I think it is related with this.
If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
I have a method that handles the Java--->Javascript calls and goes something like this:
System.out.println("Calling Javascript...");
JSObject win = JSObject.getWindow(this);
win.call(jsEventHandler, new Object[] { json.toString() });
System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
Could you explain in more detail the queue based solution you found? Any other ideas?
Regards,
André Tavares.

SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. java.security.cert.Certifica

HI Team,
while starting the node manager in wls 8.1 and java1.4
we are facing this issue plz help on this immediately.
+ CLASSPATH=/srvrs/bdv/patches/CR210310_81sp4.jar:/usr/java14/lib/tools.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic_sp.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic.jar::/srvrs/bdv/bea
+ export CLASSPATH
+ export PATH
+ set -x
+ [ 5555 != ]
+ [ 142.182.112.123 != ]
+ /usr/java14/bin/java -Xms32m -Xmx32m -Dweblogic.security.SSL.enforceConstraints=off -Djava.security.policy=/srvrs/bdv/bea/weblogic81/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java14 -DListenAddress=142.182.112.123 -DListenPort=5555 weblogic.NodeManager
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <NodeManager: for information on command line options, try "java weblogic.NodeManager -h">
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Starting NodeManager >
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenAddress to 142.182.112.123..>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenPort to 5,555..>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting java home to '/usr/java14'>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Effective values of properties :
 ListenAddress=142.182.112.123
 ListenPort=5555
 ListenerType=secureSocket
 SavedLogsDirectory=NodeManagerLogs
 NativeVersionEnabled=true
 TrustedHosts=nodemanager.hosts
 StartTemplate=../../server/lib/unix/nodemanager.sh
 ReverseDnsEnabled=false
 ScavangerDelaySeconds=180
 PIDFileReadRetryCount=0
 WeblogicHome=null
 bea.home=null
 JavaHome=/usr/java14
 PropertiesVersion=8.1
>
<Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Saving logs in'NodeManagerLogs'>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading private key and certificate chain from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoIdentity.jks. KeyStore type = jks, Using keystore passphrase = true, Alias = DemoIdentity>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoTrust.jks. KeyStore type = jks, Using keystore passphrase = true>
<Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /usr/java14/jre/lib/security/cacerts. KeyStore type = jks, Using keystore passphrase = false>
SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
 at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
 at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
 at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
 at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
 at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:52)
 at weblogic.nodemanager.internal.SecureSocketListener.run(SecureSocketListener.java:57)
 at weblogic.nodemanager.internal.GenericListener.startListener(GenericListener.java:16)
 at weblogic.nodemanager.NodeManager.startSecureSocketListener(NodeManager.java:461)
 at weblogic.nodemanager.NodeManager.init(NodeManager.java:305)
 at weblogic.nodemanager.NodeManager.run(NodeManager.java:511)
 at weblogic.NodeManager.main(NodeManager.java:31)
Thanks,
Eswar

Hi,
Did you find a solution to this? We are running into the same issue since upgrading to Weblogic 9.2.3 for WebCT Vista 8.0.4.
Thanks,
Ron

Java Security Model: Java Protection Domains

1.     Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o     Configurable policies -- no longer is the security policy hard-coded into the application.
o     Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2.     X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3.     Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4.     Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive �TeleVote.jar�:
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
� It should be computationally infeasible to find two messages that hashed to the same value.
� The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
� Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
� The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh Vishwakarma

Hi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team).

Java.security..AccesscontrolException: access denied (java.util.PropertyP..

I am trying to access the Cisco PIX device manager to get access to my firewall, but get the error message above when trying to start the applet: Is this a bug? Thankful for any input! See the Java concole output below:
Java Plug-in 1.5.0_06
Using JRE version 1.5.0_06 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\Kari
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
Requesting URL: https://10.1.1.1/jploader.jar
java.security.AccessControlException: access denied (java.util.PropertyPermission java.version read)
 at java.security.AccessControlContext.checkPermission(Unknown Source)
 at java.security.AccessController.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
 at java.lang.System.getProperty(Unknown Source)
 at com.cisco.pdm.e.c.q(Unknown Source)
 at com.cisco.pdm.e.c.h(Unknown Source)
 at com.cisco.pdm.a.byte(Unknown Source)
 at com.cisco.pdm.PDMApplet.start(Unknown Source)
 at com.cisco.nm.util.sgz.Env.start(Env.java:37)
 at com.cisco.nm.util.sgz.Loader.start(Loader.java:109)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)

I had the same problem trying to open a Pix 506e through Internet Explorer.
After downloading and installing and uninstalling again differt versions; the working solution for me was version JRE 1.4.2_07
Be sure to download the 07, other versions of the 1.4.2 were not working!

Viewing/setting java security properties

Similar Messages

Maybe you are looking for