Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Desktop >> Deploying

(Signed) Trusted application getting SecurityExceptions

We have a application that we deploy thru Web Start. All of our jars are signed and the jnlp file specifies all-permissions in the <security> tag yet I am getting SecurityExceptions which are caused by AccessControlExceptions that point to SocketPermission and RuntimePermission with message of 'access denied'.

We are using JDK1.4 and the jnlp indicates 1.4+ for the version. This is only happening on one service call and works fine outside of Web Start.

How do I start debugging this 'security' problem?If I have to change the java.policy file, which one do I change - servers or clients?

Stacktrace below

Logging to file: C:\temp\jnlpcentral.log

caught a SecurityException. That's OK.

java.lang.ClassNotFoundException: access to class loader denied

at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)

at sun.rmi.server.LoaderHandler.loadClass(Unknown Source)

at java.rmi.server.RMIClassLoader$2.loadClass(Unknown Source)

at java.rmi.server.RMIClassLoader.loadClass(Unknown Source)

at weblogic.j2ee.ApplicationManager.loadFromNetwork(ApplicationManager.java:632)

at weblogic.j2ee.ApplicationManager.loadClass(ApplicationManager.java:300)

at weblogic.j2ee.ApplicationManager.loadClass(ApplicationManager.java:237)

at weblogic.rjvm.MsgAbbrevInputStream.readClassDescriptor(MsgAbbrevInputStream.java:314)

at weblogic.common.internal.ChunkedObjectInputStream$NestedObjectInputStream.readClassDescriptor(ChunkedObjectInputStream.java:320)

at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)

at java.io.ObjectInputStream.readClassDesc(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.util.HashMap.readObject(Unknown Source)

at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.util.ArrayList.readObject(Unknown Source)

at sun.reflect.GeneratedMethodAccessor22.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at weblogic.common.internal.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:114)

at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:111)

at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:56)

at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:159)

at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:285)

at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:244)

at com.jda.portfolio.infrastructure.server.service.application.ApplicationService_tkzmp2_EOImpl_813_WLStub.find(Unknown Source)

at com.jda.portfolio.cos.client.action.security.actions.ApplicationSearchPanel.createAppsComboBox(ApplicationSearchPanel.java:150)

at com.jda.portfolio.cos.client.action.security.actions.ApplicationSearchPanel.<init>(ApplicationSearchPanel.java:107)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsTaskArea.<init>(SecurityAssignActionsTaskArea.java:67)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsController.<init>(SecurityAssignActionsController.java:26)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsAction.run(SecurityAssignActionsAction.java:37)

at com.jda.portfolio.infrastructure.client.action.BaseAction.actionPerformed(BaseAction.java:180)

at com.jda.portfolio.infrastructure.client.component.toolbar.ActionWrapper.actionPerformed(ActionWrapper.java:50)

at com.jda.portfolio.infrastructure.client.component.toolbar.TreePanel$5.mouseClicked(TreePanel.java:227)

at java.awt.AWTEventMulticaster.mouseClicked(Unknown Source)

at java.awt.AWTEventMulticaster.mouseClicked(Unknown Source)

at java.awt.Component.processMouseEvent(Unknown Source)

at java.awt.Component.processEvent(Unknown Source)

at java.awt.Container.processEvent(Unknown Source)

at java.awt.Component.dispatchEventImpl(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Window.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8001 connect,resolve)

at java.security.AccessControlContext.checkPermission(Unknown Source)

at java.security.AccessController.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPermission(Unknown Source)

at sun.rmi.server.LoaderHandler$Loader.checkPermissions(Unknown Source)

at sun.rmi.server.LoaderHandler$Loader.access$000(Unknown Source)

... 79 more

java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)

at java.security.AccessControlContext.checkPermission(Unknown Source)

at java.security.AccessController.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkCreateClassLoader(Unknown Source)

at java.lang.ClassLoader.<init>(Unknown Source)

at java.security.SecureClassLoader.<init>(Unknown Source)

at weblogic.utils.classloaders.GenericClassLoader.<init>(GenericClassLoader.java:117)

at weblogic.utils.classloaders.GenericClassLoader.<init>(GenericClassLoader.java:109)

at weblogic.j2ee.ApplicationManager.loadFromNetwork(ApplicationManager.java:622)

at weblogic.j2ee.ApplicationManager.loadClass(ApplicationManager.java:300)

at weblogic.j2ee.ApplicationManager.loadClass(ApplicationManager.java:237)

at weblogic.rjvm.MsgAbbrevInputStream.readClassDescriptor(MsgAbbrevInputStream.java:314)

at weblogic.common.internal.ChunkedObjectInputStream$NestedObjectInputStream.readClassDescriptor(ChunkedObjectInputStream.java:320)

at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)

at java.io.ObjectInputStream.readClassDesc(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.util.HashMap.readObject(Unknown Source)

at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.util.ArrayList.readObject(Unknown Source)

at sun.reflect.GeneratedMethodAccessor22.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at weblogic.common.internal.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:114)

at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:111)

at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:56)

at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:159)

at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:285)

at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:244)

at com.jda.portfolio.infrastructure.server.service.application.ApplicationService_tkzmp2_EOImpl_813_WLStub.find(Unknown Source)

at com.jda.portfolio.cos.client.action.security.actions.ApplicationSearchPanel.createAppsComboBox(ApplicationSearchPanel.java:150)

at com.jda.portfolio.cos.client.action.security.actions.ApplicationSearchPanel.<init>(ApplicationSearchPanel.java:107)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsTaskArea.<init>(SecurityAssignActionsTaskArea.java:67)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsController.<init>(SecurityAssignActionsController.java:26)

at com.jda.portfolio.cos.client.action.security.actions.SecurityAssignActionsAction.run(SecurityAssignActionsAction.java:37)

at com.jda.portfolio.infrastructure.client.action.BaseAction.actionPerformed(BaseAction.java:180)

at com.jda.portfolio.infrastructure.client.component.toolbar.ActionWrapper.actionPerformed(ActionWrapper.java:50)

at com.jda.portfolio.infrastructure.client.component.toolbar.TreePanel$5.mouseClicked(TreePanel.java:227)

at java.awt.AWTEventMulticaster.mouseClicked(Unknown Source)

at java.awt.AWTEventMulticaster.mouseClicked(Unknown Source)

at java.awt.Component.processMouseEvent(Unknown Source)

at java.awt.Component.processEvent(Unknown Source)

at java.awt.Container.processEvent(Unknown Source)

at java.awt.Component.dispatchEventImpl(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)

at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)

at java.awt.Container.dispatchEventImpl(Unknown Source)

at java.awt.Window.dispatchEventImpl(Unknown Source)

at java.awt.Component.dispatchEvent(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

53274ERROR root [AWT-EventQueue-0]: Error retrieving Application records java.rmi.UnmarshalException: failed to unmarshal interface java.util.List; nested exception is:

java.io.InvalidClassException: failed to read class descriptor

[14050 byte] By [mikemila] at [2007-10-2 17:21:18]
«« JCombobox
»» quick question
# 1

Issue resolved: not really a signing issue at all.

There was a ClassNotFoundException but the true culprit was a missing jar file in the jnlp file.It was not about not being able to access the class loader. We were returning objects that contained other objects and we were missing the jar that contained those objects.

mikemila at 2007-7-13 18:37:22 > top of Java-index,Desktop,Deploying...
Desktop
Deploying

Desktop New Topic

Desktop Hot Topic

Desktop

All Classified