is it possible to use java.util.Logging and log to a file in a java webstart application?
I have the following logging code:
Handler fh = new FileHandler("myapp.log");
Logger.getLogger(MyApp.class.getName()).addHandler(fh);
and got the following exception:
java.security.AccessControlException: access denied (java.util.logging.LoggingPermission control)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.util.logging.LogManager.checkAccess(Unknown Source)
at java.util.logging.Handler.checkAccess(Unknown Source)
at java.util.logging.FileHandler.(Unknown Source)
at whoisapiclient.WhoisAPIClientApp.main(WhoisAPIClientApp.java:80)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
The access control exception says this:
"access denied (java.util.logging.LoggingPermission control)"
The javadoc for the permission class says this:
"Currently there is only one named LoggingPermission. This is "control" and it grants the ability to control the logging configuration, for example by adding or removing Handlers, by adding or removing Filters, or by changing logging levels."
What you are doing clearly falls under the "control" permission.
You will need to sign your application if it is to create/add its own log handlers.
Incidentally, if you did manage to work around the LoggingPermission("control"), you would then run into another access issue in opening the log file.
Both problems are solved by signing the application. You've then got the problem that the user has to accept / trust your signing key. But that is fair enough! As far as the Java security sandbox can tell, what you are doing could potentially damage the user's machine.
Have you tried specifying an absolute path? Perhaps the issue is that you don't have access to the current working directory of the application itself.
Related
I have deployed a java hello world "inside a browser" on http://www.applesweet.net/home.htm just to show that things are working fine. You can try it by just typing the url. The package is built using Netbeans.
Therefore, I try to deploy something more complicated using the same method. It's actually a client application I developed with JSE(1.8) + JavaFX8 + Persistence(Eclipse lib). You can try it with this link http://www.applesweet.net/dist/ProjCostTracking.html. It gives me the following error in the Java console.
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "eclipselink.persistencexml" "read")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.FXAppletSecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at org.eclipse.persistence.internal.jpa.deployment.PersistenceUnitProcessor.findPersistenceArchives(PersistenceUnitProcessor.java:275)
at org.eclipse.persistence.internal.jpa.deployment.JPAInitializer.findPersistenceUnitInfoInArchives(JPAInitializer.java:150)
at org.eclipse.persistence.internal.jpa.deployment.JPAInitializer.findPersistenceUnitInfo(JPAInitializer.java:135)
at org.eclipse.persistence.jpa.PersistenceProvider.createEntityManagerFactory(PersistenceProvider.java:177)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:79)
at ProjCostTracking.KYdb.getEntityManagerFactory(KYdb.java:69)
at ProjCostTracking.KYdb.(KYdb.java:31)
at ProjCostTracking.Main.start(Main.java:161)
at com.sun.javafx.applet.FXApplet2$2.run(Unknown Source)
at com.sun.javafx.application.PlatformImpl$6$1.run(Unknown Source)
at com.sun.javafx.application.PlatformImpl$6$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.javafx.application.PlatformImpl$6.run(Unknown Source)
at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(Unknown Source)
at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at com.sun.glass.ui.win.WinApplication.access$300(Unknown Source)
at com.sun.glass.ui.win.WinApplication$4$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
The code is here:
I have tried to hard coded the username, password, ip address and port. The application runs fine as a standalone application.
I am aware of the file persistence.xml must be accessible. I am aware that the persistence.xml is already inside the JAR file. However, I sort of put it everywhere I can; under WEB-INF or along side with the JAR file and even inside LIB folder just in case.
The following snapshot shows how my files are deployed on the Godaddy web hosting service.
It's more like likely related to JPA...but I just can't figure it out. It is working fine as a standalone application.
Any suggestion is welcomed, thanks for the guidance. :)
After upgrading to Java 7, when launching remote jnlp, I see the following exception in the Java console:
java.security.KeyStoreException: WIExplorerMy not found
at java.security.KeyStore.getInstance(Unknown Source)
at com.sun.deploy.services.WPlatformService$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.services.WPlatformService.getBrowserClientAuthKeyStore(Unknown Source)
at sun.plugin2.applet.context.InitialJNLPExecutionContext.getBrowserClientAuthKeyStore(Unknown Source)
at sun.plugin2.main.client.DisconnectedExecutionContext.getBrowserClientAuthKeyStore(Unknown Source)
at sun.plugin2.applet.Applet2BrowserService.getBrowserClientAuthKeyStore(Unknown Source)
at com.sun.deploy.security.X509DeployKeyManager.<init>(Unknown Source)
at com.sun.deploy.net.protocol.https.Handler$Initializer$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.net.protocol.https.Handler$Initializer.<clinit>(Unknown Source)
at com.sun.deploy.net.protocol.https.Handler.openConnection(Unknown Source)
at java.net.URL.openConnection(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.createUrlConnection(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: WIExplorerMy KeyStore not available
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.security.Security.getImpl(Unknown Source)
... 26 more
In addition the error screen saying "Error. Click for details" appears for about 2 seconds and disappears afterwards.
Other then that, everything seems to function normally.
With Java 6 everything works as expected.
Ideas how to fix it?
I think some of the latest Java 7 updates have obsoleted some encryption schemes, so that would be a completely normal exception to get if you were using one of these while using Java 6.
See this list of enhancements and changes for Java 7:
Weak cipher suites deprecated
Per RFC 4346, RFC 5246, and RFC 5469, some cipher suites have been made obsolete and should not be used. These obsolete suites are all disabled by default in SunJSSE. For details, consult the cipher suite lists in the documentation about the SunJSSE provider.
That being said, that would explain the NoSuchAlgorithmException, but the error message seems to mention something about a missing keystore, so this may be unrelated and we woud need you to provide a SSCCE or anything close enough to one.
I solved this problem by adding
security.provider.11=com.sun.deploy.security.MSCryptoProvider
to C:\Program Files\Java\jre1.8.0_31\lib\security\java.security
Although the error wasn't fatal for me, it is just the javaws trying to read the local browser key store before falling back to the java keystores that are managed by the control panel. Those files are in C:\Users\USERID\AppData\LocalLow\Sun\Java\Deployment\security
Interestingly there is a security provider that comes pre-wired into the java.security file, and it is
security.provider.10=sun.security.mscapi.SunMSCAPI
This provider can also read the browser keystore, but the store type is windows-my, and not WIExplorerMy
Tarlog, do you have any resolution found yet? I have the same problem, I am suspecting that the first problem with KeyStoreException exception only happens if you are trying secure connection. And that sinister "Error. Click for details" issue happens on any Applet loaded through an jnlp.
I could not find any resolution yet.
Edit: For the KeyStoreException I have realised that the problem occured due to apache certificate files were gone somehow. I have generated ceritificate files and restarted apache. The exception no longer occurs.
The other problem with Error window still exists.
With regard to the Error Click for details issue – I resolved this by adding a class to the source that implements javax.jnlp.DownloadServiceListener (can just be a dummy class) and then specifying that class in your jnlp file (applet-desc/#progress-class="YourClass")
I would like to use this applet this applet in a html document. In the example on this site they use :
<applet code="de.wim.outldd.examples.DragDropTest_Applet"
width="150" height="150" alt="Applet1" archive="soutldd.jar">
</applet>
It does not work when I try it. My HTML document is in the middle of the extracted directory. How can I use the applet in html, somebody please try this.
THe error in the console
java.lang.RuntimeException: java.lang.ExceptionInInitializerError
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ExceptionInInitializerError
at de.wim.outldd.OutlookDD.init(OutlookDD.java:73)
at de.wim.outldd.examples.DragDropTest_Applet$1.run(DragDropTest_Applet.java:29)
at java.security.AccessController.doPrivileged(Native Method)
at de.wim.outldd.examples.DragDropTest_Applet.<init>(DragDropTest_Applet.java:26)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.io.tmpdir read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at de.wim.outldd.OutlDDNativeLib.loadDllFromResource(OutlDDNativeLib.java:135)
at de.wim.outldd.OutlDDNativeLib.loadDll(OutlDDNativeLib.java:104)
at de.wim.outldd.OutlDDNativeLib.<clinit>(OutlDDNativeLib.java:62)
... 19 more
Exception: java.lang.RuntimeException: java.lang.ExceptionInInitializerError
Your applet is trying to read the temp directory value from the java.io.tmpdir system property which is previleged. Applets run in a sandbox environment with restricted permissions beacause of security reasons. To fix it, override the default security policy to allow your applet to read the property by setting the property permission - java.util.PropertyPermission, on the property. To override default permissions define the policy in your user home's .java.policy file. It is recommended that you edit your user specific policy file and not the global policy file under your JRE security directory. Refer the template below:
grant codeBase "<code base>" {
permission <type> "<target>", "<actions>";
permission <type> "<target>", "<actions>";
...
};
For eg.
grant codeBase "http://geosim.cs.vt.edu/geosim/-" {
permission java.util.PropertyPermission "java.io.tmpdir", "read";
...
};
Edited:
I noticed that you already have the applet link specified in your post at the top. So, I am giving a step by step guide to get you started.
Here you go -
Copy $JRE_HOME/lib/security/java.policy file to your user home (on windows it is c:\users\< user name>) as .java.policy file. Please note the preceding "." in the file name.
Add the following lines to the end of .java.policy file:
grant codeBase "http://www.wilutions.com/outldd/-" {
permission java.security.AllPermission;
};
Run the applet in an appletviewer as follows and see if it works.
appletviewer http://www.wilutions.com/outldd/example.html
Please note that I am specifying all permissions to the applet for sake the of geting you started but it is potentially insecure to grant all permmissions. You should grant only the required permissions. So, I leave it to you to figure it out.
Have you followed the guide found here and are you sure the specified paths are correct in relation to your directory/html page?
Also what about applet JAR file soutldd.jar path is this correct?
go to Java preferences->advance and turn Java console on so that you can see what is happening on loading your applet in HTML.
in windows
java preferences: control panel -> java
Hi managed to create the jar and .jnlp files for my Java application but running into trouble when it runs. Launches okay with Java Web Start but I think I need to do something
extra as normally when I run it it doesn't ask for permission to access the HD for file I/O.
Would appreciate some help and advise to know what to do to get the permission rights i.e. what do I have to do is it something I have to do to all my classes not sure. The error
message I get in Java Web Start is as below.
Exception in thread "AWT-EventQueue-0" java.security.AccessControlException:
access denied (java.io.FilePermission StockDatabase;Stocks.dat read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at StockCodeDatabase.<init>(OptraderSA.java:782)
at OptraderSA.actionPerformed(OptraderSA.java:136)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.AbstractButton.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unkno
You need to sign your JNLP file and configure the <security> element, as discussed here.
Add the following to your JNLP:
<security>
<all-permissions/>
</security>
This will pop a dialogue asking the user the give the necessary permission to your app.
If you want access to the file system you need to change your JNLP file to include:
<security><all-permissions/></security>
This requires you to also sign your jar files.
Another option is to package the file inside the jar as a resource and you don't have to do all that.
I have an applet which have to read a file from server. But I receive the following exception
java.security.AccessControlException: access denied (java.io.FilePermission \kb1.xml read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.isDirectory(Unknown Source)
at sun.net.www.protocol.file.FileURLConnection.connect(Unknown Source)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(Unknown Source)
...
I tried to put a java.policy.applet file with permission granted for reading but it doesn't work.
I need a quick way to solve this problem. I have to specify that for making this applet I used java 6.
You said you want to read a file on the server, but the exception is caused by trying to read a file on the client (the machine that is running the applet).
You cannot read files from the server directly. You need to access them via HTTP or put them into the applet's jar file and load it from there.