Workaround on JCE can't authenticate the provider - java

I'm running a set of tests on my custom JCE provider implementation (XYZProvider).
Most of my tests are failing with the following error:
java.lang.SecurityException: JCE cannot authenticate the provider XYZProvider
I have installed (i.e. placed provider's jar file) outside of system JRE (I need to stick to this, can't install in JRE) and maybe this is the reason I'm getting this error.
I have tried to search on this error without much success, tried using
grant codeBase "//location of my provider class files" { permission java.security.AllPermission; } in java.security file to give the necessary permission but with no luck.
Have already added the following line in java.security
security.provider.9=com.ingrian.security.nae.XYZProvider
Any ideas?
Thanks.

Related

In openjdk, security policies are not taking effect

In redhat-openjdk:1.8.0, jvm java.policy and custom.policy file's java.version is being effective on the active process
I've configured the java process to use the Java security manager, and it uses Apache server to run the process. So the Apache client looks for "java.version" read permission in the default and/or custom policy file.
I've included the read property permission, yet I'm getting a weird AccessControlException.
Exception i'm seeing is:
java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")
I have the right permissions in place. Property permission entry in jvm/security/java.policy:
permission java.util.PropertyPermission "java.version", "read";
and in custom.policy (-Djava.security.manager -Djava.security.policy=custom.policy; the file path is fully qualified, I just shortened it for better understanding):
permission java.util.PropertyPermission "java.version", "read";
The expectation is to run the java process without issues, but that's not happening.
Edit 1:
I've also tried enforcing all permission using below line:
grant{
permission java.security.AllPermission;
};
But it seems like it is still not working. I've also tried using '==' while setting up the policy file, which means:
`If you use
java -Djava.security.manager -Djava.security.policy==someURL SomeApp
(note the double equals) then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored.`
As per jdk 8 doc
Any help is much appreciated.
Looks to me that the policy is not in effect. In case you have multiple JDK releases installed, are you sure that you've modified the default policy for the same release that you are running with? I'd start by granting AllPermissions just to make sure that the policy is in effect, and then focus on the permission line itself.

ERROR Could not register mbeans java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")

When starting for example Elasticsearch 5.5 :
main ERROR Could not register mbeans java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")
Workaround with Oracle Java 1.8.0_131 is to open file <jre>/lib/security/java.policy and add this line to grant section (i.e. between curly brackets):
permission javax.management.MBeanTrustPermission "register";
Why a workaround? The upright solution would be to specify an extra grant section stating exactly which code should get this permission.
Got the same error, and the answer is here: "java.security.AccessControlException when using Ant, but runs ok when invoking java from console"
Append the grant section in java.policy file with
permission javax.management.MBeanTrustPermission "register";
I had this same issue when moving from a single instance to two instances locally.
I tried what Alice suggested above. Even re-installed Elasticsearch (5.5.0).
I also updated my Java to the latest one for Linux provided by Oracle.
Nothing was working. Then I discovered, that I couldn't just take the elasticsearch-5.5.0/config directory and rename it to elasticsearch-5.5.0/node1.
So... I had to leave that config directory in place and clone it to node1/node2.
EVEN if I configure path.config in the runtime args, ES still needs that base line config directory.
Hope this helps.
I faced the same issue on an Ubuntu 16.04 system.
Solution:
The Elasticsearch service is not allowed to run as the "ROOT" user. That's why you should change the ownership of the elasticsearch folder with the command below:
Go to the Elasticsearch installation directory:
$ sudo chown -R user_name:user_Group elasticsearch-5.5.0
$/bin/elasticsearch
This will start the elasticsearch service. It is working for me perfectly.

Certificate error while making a POST call for authenticating microsoft dynamics crm

I downloaded the current microsoft dynamics crm SDK, and was trying to run the 'Main' class which is in the Walkthrough -> java2crmpack folder. I imported all the classes in eclipse and also generated stubs using wsdl.
So, while running this class I am facing certificate issues as the url is 'https'.
While making an authentication request it uses https://login.microsoftonline.com/RST2.srf url.
As this is a https call, it requires a certificate. In order to make it run, I downloaded the certificate and inserted it in the truststore. The truststore location is provided in eclipse configuration, still the error persists.
Error : "unable to find valid certification path to requested target".
Kindly help me in resolving this issue.
I have seen this sort of error in two scenarios:
1. Code unable to locate the truststore properly
2. Truststore does not have a valid chain
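A small diagnostic for telling the two scenarios in the answer above apart, added here as an example and not part of the original posts. The class name `TrustStoreCheck` is hypothetical; run it with the same `-Djavax.net.ssl.trustStore=...` VM arguments as the failing application.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class name), not code from the original thread.
public class TrustStoreCheck {

    // Scenario 1: is the trust store the JVM was told to use actually there?
    static String describeConfiguredStore() {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            return "javax.net.ssl.trustStore not set: JRE default (jssecacerts/cacerts) is used";
        }
        File f = new File(path);
        if (!f.isFile()) {
            return "javax.net.ssl.trustStore=" + path + " does not exist: trust store will be empty";
        }
        return "javax.net.ssl.trustStore=" + f.getAbsolutePath() + " (" + f.length() + " bytes)";
    }

    // Scenario 2: which certificates does the default trust manager accept?
    static X509Certificate[] acceptedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = resolve the store the way HTTPS clients do
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception {
        System.out.println(describeConfiguredStore());
        X509Certificate[] issuers = acceptedIssuers();
        System.out.println(issuers.length + " trusted certificates");
        Date now = new Date();
        for (X509Certificate c : issuers) {
            String state = now.after(c.getNotAfter()) ? "EXPIRED" : "ok";
            System.out.println(state + "  " + c.getSubjectX500Principal().getName());
        }
    }
}
```

If the imported certificate's issuer is missing from the printed list, or the list is empty, the handshake fails with "unable to find valid certification path to requested target".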

JDK 7u45 application blocked due to security exception of self signed or outdated version

I have created a Java application and am deploying it using Java Web Start. The application was working fine till JDK 7u21. But after that I updated my JDK version to 7u45. The application is blocked after throwing a security exception about being self-signed.
After that I explored the issue on different websites; they suggested lowering the security level in the Java Control Panel. But I don't like this solution, as I don't want a workaround but a complete solution.
After more exploration I found the following method of adding the following attributes to MANIFEST.MF:
Application-Name: My App Name
Permissions: all-permissions
Codebase: *
Application-Library-Allowable-Codebase: *
Caller-Allowable-Codebase: *
Trusted-Library: true
I have added all this using following command
jar uvmf abc.jar patch.txt
where patch.txt contains above attribute that I have to add to manifest.MF
As my application contains some of eclipse plugins so I deleted ECLIPSEF.SF and ECLIPSEF.RSA files and again signed all plugins using my certificate.
But still I didn't get rid of the error. I am getting the following errors:
basic: Your security settings have blocked a self-signed application from running with an out-of-date or expired version of Java.
security: Trust for: http://192.15.23.6:8888/myapps/plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.1.0.v20100503.jar has ended: Thu Jan 01 05:30:00 IST 1970
Please suggest how to explore it at next step to remove errors.
I have found a solution to my above problem by signing the JNLP;
refer to the following thread:
https://community.oracle.com/thread/2593583?start=15&tstart=0
Now I have to do this for a dynamic JNLP. A solution is already provided in this thread, but I am not able to understand how that happened and how to implement that solution.
Please guide.

Java JCE cannot authenticate provider BC in jarsplice created jar

I am working on a game and I am using the Slick2D library. I am also using bouncycastle for encryption. Then I use jarsplice to package everything together in a nice executable. And it runs fine until it needs to encrypt something. It gives me a java.lang.SecurityException: JCE cannot authenticate the provider BC. And I am using a signed jarfile (http://www.bouncycastle.org/download/bcprov-jdk15on-150.jar).
Here is the stack trace:
java.lang.SecurityException: JCE cannot authenticate the provider BC
at javax.crypto.Cipher.getInstance(Cipher.java:642)
at javax.crypto.Cipher.getInstance(Cipher.java:580)
at net.matrixstudios.zenerith.networking.ZenerithLogin.encryptLogin(ZenerithLogin.java:159)
at net.matrixstudios.zenerith.networking.ZenerithLogin.<init>(ZenerithLogin.java:112)
at net.matrixstudios.zenerith.MultiplayerMenu$1.performAction(MultiplayerMenu.java:90)
at net.matrixstudios.zenerith.gui.menu.MenuGameState.clickButton(MenuGameState.java:83)
at net.matrixstudios.zenerith.gui.menu.MenuGameState.checkForButtonClicks(MenuGameState.java:75)
at net.matrixstudios.zenerith.gui.menu.MenuGameState.update(MenuGameState.java:51)
at net.matrixstudios.zenerith.gui.menu.AbstractGameState.update(AbstractGameState.java:47)
at org.newdawn.slick.state.StateBasedGame.update(StateBasedGame.java:266)
at org.newdawn.slick.GameContainer.updateAndRender(GameContainer.java:663)
at org.newdawn.slick.AppGameContainer.gameLoop(AppGameContainer.java:411)
at org.newdawn.slick.AppGameContainer.start(AppGameContainer.java:321)
at net.matrixstudios.zenerith.gui.Window.<init>(Window.java:28)
at net.matrixstudios.Main.main(Main.java:28)
Caused by: java.util.jar.JarException: file:/C:/Users/M4trixSh4d0w/Desktop/Zenerith_Alpha.0.2.1.5.jar has unsigned entries - org/bouncycastle/LICENSE.class
at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:462)
at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161)
at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187)
at javax.crypto.Cipher.getInstance(Cipher.java:638)
... 14 more
So how do I authenticate the jarfile to run?
This is a standalone executable jarfile.
I'm an Android developer. I got this error when I upgraded the compile and build tools to Android 12 (31). I tried lots of ways to fix it and finally found that the only way that works is changing the JDK to version 11.0.14.1 (x86_64). I worked on a Mac M1; the download link for this version is: https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html
You probably want to register the cryptographic service provider at runtime to ensure the configuration will work for everyone. You can use either of the Security.addProvider() or Security.insertProviderAt() methods. See documentation linked below under "Managing Providers".
http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Provider
Just use addProvider() unless the order of providers is somehow important for you. I saw one contributor commented that you might slot it in at entry #9, but I didn't see evidence that this is right for your configuration, so probably just an extraneous detail from his/her config file. Obviously, if I missed something about your configuration and you do need it there, then go for insertProviderAt().
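The stack trace in the question reports "has unsigned entries" for the merged jar, which is the condition the following check lists. It is an added example, not code from the original posts; the class name `UnsignedEntryCheck` and the constructed sample jar are assumptions. It reports only whether each entry is signed, not who signed it.

```java
import java.io.*;
import java.security.CodeSigner;
import java.util.*;
import java.util.jar.*;

// Added diagnostic (hypothetical class name), not code from the original thread.
public class UnsignedEntryCheck {
    // Signature bookkeeping files directly under META-INF/ are never signed themselves.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        return n.startsWith("META-INF/") && n.indexOf('/', 9) < 0
                && (n.equals("META-INF/MANIFEST.MF") || n.endsWith(".SF")
                    || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC"));
    }

    static List<String> unsignedEntries(String jarPath) throws Exception {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        // verify=true: digests are checked against the manifest as each entry is read.
        try (JarFile jar = new JarFile(jarPath, true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureRelated(entry.getName())) continue;
                // Signers are only known once the entry has been read to the end;
                // a modified signed entry raises SecurityException here.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) unsigned.add(entry.getName());
            }
        }
        return unsigned;
    }

    // Constructed sample input: a one-entry jar with no signature at all.
    static String constructedUnsignedJar() throws Exception {
        File f = File.createTempFile("sample", ".jar");
        f.deleteOnExit();
        try (JarOutputStream out = new JarOutputStream(new FileOutputStream(f))) {
            out.putNextEntry(new JarEntry("demo/Unsigned.class"));
            out.write(new byte[] {1, 2, 3});
            out.closeEntry();
        }
        return f.getPath();
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : constructedUnsignedJar();
        List<String> unsigned = unsignedEntries(path);
        System.out.println(path + ": " + unsigned.size() + " unsigned entries " + unsigned);
    }
}
```

Pass the path of the packaged jar as the first argument; with no argument it runs against the constructed sample and reports `demo/Unsigned.class`.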
