Forum Stats

  • 3,768,921 Users
  • 2,252,874 Discussions
  • 7,874,798 Comments

Discussions

Getting security exception

Anthony747
Anthony747 Member Posts: 1

Hi,

I am new to Java and learning the Java security. Following the java documentation tutorial (https://docs.oracle.com/javase/tutorial/security/userperm/index.html ) on creating special permission, I get an java.lang.SecurityException when I reach the end of the tutorial at (https://docs.oracle.com/javase/tutorial/security/userperm/kim.html ). Here is the content of the kim.policy file:

keystore "kim.keystore";

grant SignedBy "terry" {

  permission

    HighScorePermission

      "SoccerGame", signedBy "chris";

};

grant SignedBy "chris" {

  permission java.util.PropertyPermission

    "user.home", "read";

  permission java.io.FilePermission

      "${user.home}${/}Downloads/TMP/scoreFile", "read,write";

  permission

    HighScorePermission

      "*", signedBy "chris";

};

The stack trace:

Exception in thread "main" java.lang.SecurityException: class "HighScore"'s signer information does not match signer information of other classes in the same package

        at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1151)

        at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:906)

        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1015)

        at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)

        at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)

        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:732)

        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:727)

        at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)

        at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:740)

        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:642)

        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:600)

        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)

        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)

        at SoccerGame.setHighScore(SoccerGame.java:21)

        at SoccerGame.main(SoccerGame.java:36)

For the sake of simplicity, I have removed all the package names from the source code (i.e. com.gamedev.games) and I renamed the class ExampleGames to SoccerGames. All the respective keys, keystores and certificates where generated according to the tutorial, however, I feel the security exception is due to the fact that jar files in this tutorial is signed by two different signers (according to the tutorial of course).

In addition, when I try to load the kim.policy into policytool, it can not find the class HighScorePermission which is located in terry.jar according to tutorial. From the windows command prompt, I have set the classpath to include the two jar file (terry.jar and hs.jar) in this tutorial.

I have invested a great deal to troubleshoot these two problems, alas reached the end of the rope and hopeless. At this junction, any insights, help or idea will be so great.

Thanks