Weblogic.policy and class.forname
Hi,
my company develops an application for an external customer (bea 6.1). In
our cutomers eyes the application is a security risk because our customer is
afraid that we are using the class.forname command to create manually
connections to other databases.
I would like to know, is it possible to disable this command for our
application with the help of the weblogic.policy file?
Regards
Michael
yes.. i think it returns Class object. But, isthere
any other way to instantiate a class other thanusing
the new operatorOthers
- JNI, similar but not exactly new
- Serialization which by passes the normal processCloning
Class.newInstance has been mentioned, but Constructor.newInstance has not
Similar Messages
-
plz tel me ....
what is the Difference between ? new Operator and Class.forName() ??? ........Class.forName(), takes the class name as parameter,
and loads that class in memory. But it doesn't create
any instance of that class.
That means static methods/variables are available for
use.
new keyword, checks if the class is loaded, if not
then loads that class, and then creates an instance
of that class.Class.forName actually returns the class object for that name (class - for -name). it might load it, if the class hasn't already been loaded, but it's misleading to say that's what that method does
your definition of 'new' is wrong, too. give the dukes back -
Difference between DriverManager.registerDriver and Class.forName?
Hi all,
I've noticed that the Oracle JDBC driver specifically asks to use DriverManager.registerDriver instead of Class.forName. What is the difference btw those 2 methods in loading and registering the driver?
Thanks.I am trying to understand the jdbc, odbc drivers better.
Does the class my.sql.Driver refer to a driver for MySql or is it a driver itself?
with the lines one and two commented out, the code works fine. but with lines one and three commented out and the dbDriver being as specified in line two; no connection is made to the database. Can anyone explain this? and when i do Class.forName(dbDriver), is there a class by that name?
//String dbDriver = "sun.jdbc.odbc.JdbcOdbcDriver"; //one
//String dbDriver = "my.sql.Driver"; //two
String dbDriver = "MySql ODBC 3.51 Driver"; //three
String dbSource = "jdbc:odbc:mydb";
try {
Class.forName(dbDriver);
conn = DriverManager.getConnection(dbSource);
statement = conn.createStatement();
} catch(Exception exception) {
System.out.println(exception.getMessage()+" from the "+exception.toString());
System.exit(1); -
Hi,
Please clarify me : What is the difference between the instnce creation by using new operator *( new ClassName())* and instance creation using class.forName("fully Qualified Name");
thanks
GauravThe compiler can tell you whether new ClassName() will be valid. For the other, you have to wait until runtime to know for sure.
new ClassName(...) can be invoked with arguments, and you provide them directly and simply. If you want to reflectively create an instance using a constructor that takes arguments, it's a more convoluted process.
Using new, you know which checked exceptions can be thrown and you catch them directly. Using reflection, you have to catch some other exception and unravel its cause.
You can use reflection (Class.forName and its more complicated cousins) when you don't know the classname at compile time.You can't do this with new.
Don't use reflection unless you have to. It's more complex, somewhat less performant, and it denies you certain compile time checks. -
Trouble w/ multiple applets dynamically starting and Class.forName()
I'm trying to start applets dynamically and I see strange behavior on some systems it works fine and gets the applet class from the jar file. On other systems it makes an http request back to the server to try and get the class. I don't know where in the Class or ClassLoader it's deciding whether to get this class from the jarfile or from the server and all of these classes are contained in the jarfile? Any suggestions?
Here's the method to start new applets
public Component startApplet( String className ) {
System.out.println("Starting applet "+className);
Class appletClass = null;
JApplet japplet = null;
try {
appletClass = Class.forName("com.actsolar.ui.applet."+className);
System.out.println(appletClass);
japplet = (JApplet)appletClass.newInstance();
japplet.init();
} catch (Exception e) {
System.out.println("startapplet Exception: "+e.getMessage());
return japplet;
thanks,
andrewHi,
I have seen the same problem when I mix up small letters and BIG LETTERS.
Ex :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<applet code="Function3.class"width="100" height="100">
</applet>
</html>
will work with Function3.class
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<applet code="function3.class"width="100" height="100">
</applet>
</html>
Will NOT work.
Maybe this will help you , I am also new on JAVA so maybe you make the same mistake like I did ?
Best Regards,
Didier. -
Classload.load and Class.forName question
I know there are several threads about this, but I have a doubt.
I'm getting a ClassNotFoundException running the JUnitSampler of JMeter.
This test is run by maven (using a specific plugin for it). This plugin creates a new Thread to call JMeter with all the parameters that needs.
The class that the JUnitSampler is trying to run is in the classpath (is not jar).
I know this because I run maven with -X parameter and it shows this:
[DEBUG] Test Classpath :
[DEBUG] /path/to/project/target/classes
[DEBUG] /path/to/project/target/test-classesLooking at JUnitSampler code I can see this
theclazz = Thread.currentThread().getContextClassLoader().loadClass(className.trim());Is there any reason that the class couldn't be found?No idea - it is your code.It's JMeter code, not mine.You said it couldn't find your test classes.
>
My original question was about if there were any
difference in using
Class.forName
or
Thread.currentThread().getContextClassLoader().loadClass
No idea. You can print the class loader though.
That was because the JUnitSampler is using the second
option to instantiate the test classes, and
I was receiving a ClassNotFoundException. That
problem is now solved, because it can find the class,
but is unable to cast it to TestCase.
I want to know if there is a way to put my test
classes in the ClassLoader that JMeter is using.You have an instance of some class.
To create that class it was loaded by a class loader.
You can get that class loader via the methods of java.lang.Class.
You can use that class loader to load your class.
That might or might not solve your problem.
Because there are any number of ways it can fail to solve you problem. Below is one, one of many, that might do it.
It won't solve it if you have already loaded your class via the system loaders which will happen if you use absolutely any reference to it. -
Tomcat3 and Class.forName(my_class)
Hi All,
I am getting a ClassNotFoundException when I try to do a Class.forName(com.iw.command.my_class) in my servlet under Tomcat 3.3.1. I am running on RH Linux 7.2. The class is in my classes folder under WEB-INF. In the the tomcat config docs, it states that WEB-INF/classes is included in the tomcat classpath by default. Any help is greatly appreciated. I am under the gun and need to get this working ASAP.
Thanks,
JustinForget it! I must have been visited by the idiot fairy while coding on late night.
My method call was ... Class.forName("cmdname") when it should have been ...
Class.forName(cmdname)
Luckily I haven't spent much time on this. -
Why Class.forName("driver class") ?
Hi,
whay we are using Class.forName("driver class"). why we dont import the driver package and access the required classes and methods?
for eg:
insead of calling
Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver"); ,can we use import com.microsoft.jdbc.sqlserver.*; ?
what is the use of DriverManager in this context? any connection between DriverManager and Class.forName() ?
expecting answers.sure you can import the packages and use the classes directly but that defeats the whole purpose of pluggable drivers.
Class.forName causes the class to be loaded and as stated before that should cause the driver to register itself with the driver manager.
so then if you have a system where you are talking to several different database vendors then you don't have to worry about which is which as the DriverManager handles it for you.
the big pros that i have actually seen though for having this be pluggable and not hard-coded (with the exception of the URL although you can do this dynamically as well) is what happens if you switch databases. if you import the package and use fully named classes and you switch databases at some point (could be just an upgrade of the same vendor's database) you are screwed.
same problem could happen if you switch drivers for some reason.
at any rate if you use things properly and are careful then you should only ever have to change your URL the rest of the code is fine if you use the DriverManager and use the drivers dynamically otherwise... -
I saw some classes don't have a method called "newInstance()".
but I have seen some advices say that is better using "Class.forName().newInstance()" than using "Class.forName()".I saw some classes don't have a method called
"newInstance()".If you have class Foo, and you do Class.forName("Foo").newInstance();you're not calling Foo's newInstance method. You're calling java.lang.Class' newInstance method. You have a Class object that represents the Foo class. You tell that Class object newInstance() which invokes the public no-arg constructor of class Foo (as if you had done new Foo()). If Foo doesn't have a public no-arg constructor, you'll get an exception.
but I have seen some advices say that is better using
"Class.forName().newInstance()" than using
"Class.forName()".They do two completely different things, and Class.forName().newInstance() first does Class.forName() and then class newInstance() on what that returns.
Class.forName("Foo") returns the Class object that is associated with class Foo. It also loads the class if it hasn't already been loaded. It returns an instance of java.lang.class
newInstance() calls the public, no-arg ctor of that class, if that ctor exists. Otherwise it throws an exeption. If it succeeds, it returns an instance of Foo. -
Help! Unable to Start - weblogic.policy - (Linux) and WLS 5.1
Does this hold true for NT as well? The comments in the weblogic.policy file read:
// If WebLogic is not installed in a root directory, you must only
// list the first component of the path in the "file:" URL. This is
// because of a bug in JavaSoft JDK 1.2.1. For example, if you
// install WebLogic in the "c:/test/weblogic" directory, the first
// two lines below must be:
// grant codeBase "file:/c:/test/-" {
// permission java.io.FilePermission "c:${/}test${/}weblogic${/}-", "read,write,delete,execute";
However, when I use the similar file structure:
grant codeBase "file:/c:/bea/-" {
permission java.io.FilePermission "c:${/}bea${/}wlserver6.0sp1${/}lib${/}-",
"read,write,delete,execute";
I receive the same error and WebLogic Server will not start up.
Thanks for your help.
Tawnya
Mark Griffith <[email protected]> wrote:
If you have a directory :
/usr/local/releases/451/weblogic
in that dir lives:
weblogic.policy
that policy file should say:
grant codeBase "file://weblogic/-" {
NOT
grant codeBase "file://usr/local/releases/451/weblogic/-" {
mbg
In article <[email protected]>, [email protected]
says...
ENV:
Redhat Linux 6.2 (Current Kernel)
Weblogic Server 5.1
Sun JDK for Linux version 1.2.2
It seems like I am having a weblogic.policy problem. I have read the
documenattion over and over and still cannot figure out this problem.
I have weblogic installed on /usr/local/weblogic directory
I Start with the command line:from the startWebLogic.sh Script
$JAVA $JAVA_OPTIONS -ms64m -mx64m -classpath $JAVACLASSPATH
-Dweblogic.class.path=$WEBLOGICCLASSPATH -Djava.security.manager
-Djava.security.policy=='pwd'/weblogic.policy
-Dweblogic.home=. weblogic.Server
I followed all the instrcutions on modifying the weblogic.policy
file.
example:
grant codeBase "file:/usr/local/weblogic/-" {
permission java.io.FilePermission "${/}usr${/}local${/}weblogic${/}-",
"read,write,delete,execute";
I still get the following :
Exception in thread "main" java.security.AccessControlException:access
denied (java.lang.RuntimePermission createSecurityManager )
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:191)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.<init>(SecurityManager.java:303)
at
weblogic.boot.ServerSecurityManager.<init>(ServerSecurityManager.java:11)
at weblogic.Server.main(Server.java:59)
at weblogic.Server.main(Server.java:55)
Can anyboby Help me out here?
Tony McClay
Mr. BigMAN--
==================================================
NewsGroup Rant
==================================================
Rant 1.
The less info you provide about your problem means
the less we can help you. Try to look at the
problem from an external perspective and provide
all the data necessary to put your problem in
perspective. -
Weblogic is getting shutdown by calling Class.forName("className")
Hi,
I have written the following code and it's running thru a web application in Weblogic. The problem is when calling Class.forName(), the weblogic server 9.2 gets shutdown.
final static private String[] uib_cn = {
"com.realm.portal.cda.ui.UIBuilder",
"com.realm.rcash.rcoll.cda.ui.RCollUIBuilder",
"com.realm.rcash.rpay.cda.ui.RPayUIBuilder"
static {
// Init the Constructor object for each UI builder class
for (int i = 0; i <uib_cn.length; i++) {
try {
Class<?> c = Class.forName(uib_cn);
uic[i] = c.getConstructor(IRbacParamsBean.class);
} catch (Exception e) {
log.error(e.getMessage(), e);
The class containing this code in a jar file, is trying to load at runtime other class files which are in separate jar but all the jars are in same location WEB-INF/lib.
Plz anyone can help me why this is happening and how to resolve this?
Thanks & Regards
ChanchalIs it due to an unhandled exception in the static initializer block? Are those classes available?
-
Hi,
I am trying to upgrade Weblogic from 9.1 to 10.3.2 or 10.3.3
In Weblogic 9.1, our application used weblogic.jar in our classpath.
After we installed Weblogic 10.3.3, the new weblogic.jar can be found in: <WLS_HOME>\wlserver_10.3\server\lib
However, some class files are missing and we realized we need to manually generate wlfullclient.jar and use this jar file instead.
Reference: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/jarbuilder.html
The problem is that in Weblogic 10.3.3, the following class files are missing inside weblogic.jar and wlfullclient.jar
- import weblogic.jws.Policies
- import weblogic.jws.Policy
Hence, our application is getting an "The import weblogic.jws.Policies cannot be resolved" error in our code.
I look inside both weblogic.jar and wlfullclient.jar, weblogic.jws.Policies and weblogic.jws.Policy cannot be found.
This is not an issue in Weblogic 10.3.2. These two classes can be found in wlfullclient.jar
Any idea where I can find these class files for Weblogic 10.3.3 or something we are doing is incorrectly?
Thanks
ToanHi,
This missing classes can be found inside the JAR : *"E:\bea10_3_3\wlserver_10.3\server\lib\wseeclient.jar"* As well as inside *"E:\bea10_3_3\wlserver_10.3\server\lib\wls-api.jar"*
Thanks
Jay SenSharma
http://weblogic-wonders.com/weblogic/webservices/ (WebLogic Wonders Are Here) -
WebLogic 9.2 and weblogic.policy file
Hello,
I'm using weblogic.policy file while starting weblogic.
After adding it to JAVA_OPTIONS in startWebLogic.cmd I've got AccessControlException, and I'have to grant this persmision to all:
permission java.util.PropertyPermission "debug.properties", "read";
permission java.util.PropertyPermission "netuix.logger.implementation", "read";
permission java.util.PropertyPermission "netuix.formatter.implementation", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "weblogic.kernelPermission";
permission java.lang.RuntimePermission "setContextClassLoader";
This is not all permissions which I have to grant.
While I'm tring to run my deployed application I've got
java.security.AccessControlException: access denied (java.io.FilePermission D:\serwery\bea\jrockit90_150_04\jre\lib\managementapi.jar read).
So which permission I have to give (I don't want to add this permissions to all, so the question is where this permissions have to be added).
I think that this permissions should be granted to Servlets, as it is written on page
http://e-docs.bea.com/wls/docs92/security/server_prot.html#wp1032298
but resource path "file:/weblogic/application/defaults/Web" seems strange to me - there is nothing like this in Weblogic 9.2"
I also add this grant:
grant codeBase "file:${user.domain}/servers/${weblogic.Name}/tmp/-" {
permission java.security.AllPermission;
to weblogic.policy to run all deployed applications.
Thanks in advice,
Marcin DabrowskiHi
According to
http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
Can you make sure the policy file is in there?
Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
Vimala- -
Is there any Similar between Class.forName() and new operator ???
Plz tel me is there any Similar between Class.forName() and new operator ??? i have been asked this ques in interview
You probably should have used the other thread:
http://forum.java.sun.com/thread.jspa?threadID=792678
To add a little confusion to the matter...Class objects are in fact objects. They're objects representing classes. So, in a sense, I guess, you could say they're similar -- in each you get an object. But in practice Class objects and all other objects should be considered semantically different unless you're doing some pretty unusual stuff. Also Class.forName is more of a factory method than a constructor. -
Diffrence between Class.forName() and new Operator
What is diffrence between class.forName() and new operator.Please tell in much detail.
Also about classloader.loadclass.
Suppose the class that we are tring to load with the help of class.forname is not compiled. Again if I make changes at runtime to that class will that get reflected.What is diffrence between class.forName() and new
operator.Please tell in much detail.Class.forName loads a class. The new operator creates a new instance. Apple trees and apples.
Also about classloader.loadclass.Read the API.
Suppose the class that we are tring to load with the
help of class.forname is not compiled.Then you can't load it and get an exception. Read the API.
Again if I
make changes at runtime to that class will that get
reflected.Depends on the changes and when exactly you do them.
Maybe you are looking for
-
Workflow Status column for new content type
Hi, Initially I had a document library and several workflows associated with it. After that I created a new content type inheriting Folder content type. My existing workflows could be started and work fine with any item of this new content type excep
-
Mouse pointer jumps around screen
My Emac mouse pointer jumps aroung the screen. I have tried restarting and a permissions repair. I'm still having the problem. Any ideas? Emac Mac OS X (10.3.9)
-
Audition CS5.5 does not play any sound
Hello to everybody, I got a big problem with Audition. After buying a new Mac I imported the whole user to the new system. Nearly most of the Master Suite Modules work, but when starting Audition, it tells me right away that the audio hardware settin
-
What could be wrong with my ipad? it stops after a few seconds with "slide to power off" noted.
-
JDev 12.1.2 - 32-bit support
Hi all, Oracle JDeveloper and ADF 12c (12.1.2) Supported Systems http://www.oracle.com/technetwork/developer-tools/jdev/documentation/1212-cert-1964670.html It is stated that : All 32bit support is provided for the purposes of a single user in a dev