2 Replies Latest reply: Feb 15, 2012 10:45 PM by 917826 RSS

    AccessControlException in JavaSE update 29

      I have a qustion about Critical Patch Updates in JavaSE update 29.

      I created a web application to access web Server using ssh.
      And I made options to anual certificate check by next source.

      HttpsURLConnection httpsconnection = (HttpsURLConnection) url.openConnection();

      KeyManager[] km = null;
      +TrustManager[] tm = { new X509TrustManager() {+
      public void checkClientTrusted(X509Certificate[] arg0, String arg1)
      +throws CertificateException {+
      public void checkServerTrusted(X509Certificate[] arg0, String arg1)
      +throws CertificateException {+
      +public X509Certificate[] getAcceptedIssuers() {+
      return null;
      +} };+

      SSLContext sslcontext = null;
      +try {+
      sslcontext = SSLContext.getInstance(config.getProtocol());
      sslcontext.init(km, tm, null);

      This function ran in JavaSE update 27,
      but It threw error in JavaSE update 29 with stacktrace.

      java.security.AccessControlException: access denied (java.lang.RuntimePermission setFactory)
       +at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)+
       +at java.security.AccessController.checkPermission(AccessController.java:546)+
       +at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)+
       +at java.lang.SecurityManager.checkSetFactory(SecurityManager.java:1612)+
       +at javax.net.ssl.HttpsURLConnection.setSSLSocketFactory(HttpsURLConnection.java:356)+

      Is this error a effect of CPU, CVE-2011-3560?
      Is that correct to add the server policy "Runtime Permission setFactory"?