I'm migrating an applet-based application into a Web Start application.
In the application a custom ClassLoader is needed in order to fetch resources and classes from different media. It also uses a JavaFX layer on the top.
All permissions are granted to the WebStart application, the manifest is complete and the jar is signed with a valid certificate. In fact, if I don't fetch the classes from the media and I load them with the default ClassLoader, everything works. But if I use the custom ClassLoader, we face problems like:
Caused by: java.security.AccessControlException: access denied
("java.net.SocketPermission" "www.mydomain.com:443" "connect,resolve")
For testing proposals, the custom SecureClassLoader is granting all permissions. That does not help.
I'm also trying to replace the Security Manager, but I cannot:
java.lang.SecurityException: JVM Shared, not allowed to set security
manager
even if I add the parameter to the applet descriptor inside the jnlp:
PARAM name="separate_jvm" value="true"
I cannot replace the manager.
Can anyone point what can I do to be able to grant permissions to those classes? It is not possible to change the policy files on the client side.
Here I add the stacktrace to point where the calls are coming from:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "www.mydomian.com" "resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.addAccess(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.allowNoAccess(Unknown Source)
at com.sun.deploy.net.CrossDomainXML.check(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.URLStreamHandler.getHostAddress(Unknown Source)
at java.net.URLStreamHandler.hashCode(Unknown Source)
at java.net.URL.hashCode(Unknown Source)
at java.util.HashMap.hash(Unknown Source)
at java.util.HashMap.get(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler.getDefaultCodeSource(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler.access$1400(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildElement.<init>(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ChildCallback.openClassPathElement(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getCodebaseLookup(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getResourceAsResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source)
at java.lang.Class.getResourceAsStream(Unknown Source)
at mypackage.Util.readResource(Util.java:42)
at mypackage.CustomClassLoader.encryptedLookup(CustomClassLoader.java:101)
at mypackage.ClassLoader.findClass(CustomClassLoader.java:78)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at customUtil.ParametersGetter.getRole(ParametersGetter.java:80)
at com.application.ModuleConfig.main(ModConfig.java:448)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at mypackage.CustomClassLoader.launch(CustomClassLoader.java:126)
at mypackage.Browser$1.call(Browser.java:54)
at mypackage.Browser$1.call(Browser.java:45)
at javafx.concurrent.Task$TaskCallable.call(Task.java:1423)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Thanks.
Finally the problem was detected.
The System Classloader was set as the parent classloader of our custom classloader instead of using the classloader that loaded our classloader class.
As a result, other classloaders cascaded by a library of our application where lost in the flow, and that created a conflict on the permission resolution.
Related
I updated to 1.7.0_67-b01 and now it seems I can't embed a JavaFX panel in my swing application.
This is the exception I get.
Anyone knows a workaround?
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "javafx.macosx.embedded" "write")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.System.setProperty(Unknown Source)
at javafx.embed.swing.JFXPanel$1.run(Unknown Source)
at javafx.embed.swing.JFXPanel$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javafx.embed.swing.JFXPanel.initFx(Unknown Source)
at javafx.embed.swing.JFXPanel.<init>(Unknown Source)
at webview.WebBrowserFX.<init>(WebBrowserFX.java:38)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at baf.ui.WebView.initializeFXWebView(Unknown Source)
at baf.ui.WebView.<init>(Unknown Source)
at mypackage.MyClass.<init>(Unknown Source)
You should modify your policy file ($JAVA_HOME/jre/lib/security/javaws.policy) to include permissions to write this property. So, you should add this line to javaws.policy:
permission java.util.PropertyPermission "javafx.macosx.embedded", "write";
It seems to be the old bug
I tried what's suggested in this post and it works.
I add the permission programmatically.
PropertyPermission propertyPermission = new PropertyPermission("javafx.macosx.embedded", "write");
However the permissions of the orginal policy are lost.
Welcome, I had problem with launching my applet in browser, after few trys I finnaly had run that, i heard music, but the screen was still white, so i run console and i saw that error:
Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied ("java.io.FilePermission" "grass.png" "read")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at sun.awt.SunToolkit.getImageFromHash(Unknown Source)
at sun.awt.SunToolkit.getImage(Unknown Source)
at javax.swing.ImageIcon.<init>(Unknown Source)
at javax.swing.ImageIcon.<init>(Unknown Source)
at rpg.imgs.loadAndDraw(imgs.java:18)
at rpg.main.paint(main.java:343)
at rpg.main.update(main.java:334)
at sun.awt.RepaintArea.updateComponent(Unknown Source)
at sun.awt.RepaintArea.paint(Unknown Source)
at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
It was strange to me because the sound track was playing in background but applet had a problem with loading images. I have put that applet on server: http://skibba.strefa.pl/applet/applet.html
If you want to check. I am getting same error as while i was trying to launch the applet in browser from hard drive on my PC.
And if i have no permission, so why the music is playing?
The applet runs in eclipse's Applet:Viewer well - no errors, only in browser is the problem.
It was strange to me because the sound track was playing in background but applet had a problem with loading images.
Presuming the image and clip are in the same directory, it suggests the music clip is being loaded by URL from the 'home' location (OK for a sand-boxed applet) while the image is being loaded by File (only possible in a trusted applet, and not suitable for resources we supply for an applet).
Organize to load the image by URL, and it should work.
Is kind of explanatory from the errors the application does not have permission to read from a folder where the png is stored. Applets are by default denied from accessing the Local directory. You need to sign your applet or edit the policy.
http://www.coderanch.com/how-to/java/HowCanAnAppletReadFilesOnTheLocalFileSystem
i hope it helped.
I try to deploy my java web start application as deploy java web start
But when i launch my application, but I got exception:
java.io.IOException: Cannot find cached resource for URL: http://nguyennguyen1647:8080/myweb/byte-viewer-1.0.0.jar
at com.sun.deploy.cache.Cache.getCachedResourceFilePath(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getCachedResourceFilePath(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.getSignedJNLPBits(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.getSignedJNLPFile(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDescHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDesc(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:724)
I think my problem is my jar file is self-signed.
Please tell me how to sign jar file with certificate?
Thanks in advance!
I'm trying to run my first java applet in my browser but when I open the HTML file which the applet class is embedded into, the following error occurs:
java.lang.RuntimeException: java.lang.ExceptionInInitializerError
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at Applet.MAIN.<clinit>(MAIN.java:39)
... 21 more
What should I do to solve this problem?
Here is the: entire error block
Applet has limited permissions. Non-signed applet cannot access file system and part of the system properties. In your case you tried to access user.dir.
You have the following solutions.
try to avoid using user.dir
sign your applet
do not use applet at all. Use java web start instead.
Youre trying to access something you dont have permission to
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
You can sign your applet
And/or set the permissions in the users home directory
http://docs.oracle.com/javase/1.4.2/docs/guide/security/permissions.html
I'm running into an issue with my applet. It's supposed to take a url and parse the html there to construct an image. I've gotten it to work on my eclipse debugger. However, when I try to use it on a web browser I get an AccessControlException. I'm using the jEditorPane.setPage(url) method. Currently both the applet and url are hosted on my localhost and I did self sign the applet.
java.lang.RuntimeException: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:80 connect,resolve)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at javax.swing.JEditorPane.getStream(Unknown Source)
at javax.swing.JEditorPane.setPage(Unknown Source)
at javax.swing.JEditorPane.setPage(Unknown Source)
at com.mindbody.printer.PrinterApplet.print(PrinterApplet.java:24)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
An unsigned applet is only allowed to connect to the host it came from. And even for signed applets, in methods invoked from code less trusted (like the javascript code here), it has only the rights of this code (or more exactly, the intersection of all rights).
To be able to do everything for which your applet has the rights, wrap your rights-needing code with AccessController.doPrivileged(...). (But make sure that this can not do dangerous things when given malicious arguments from outside.)