Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Getting security exception

Anthony747Aug 4 2020 — edited Aug 4 2020

Hi,

I am new to Java and learning the Java security. Following the java documentation tutorial (https://docs.oracle.com/javase/tutorial/security/userperm/index.html ) on creating special permission, I get an java.lang.SecurityException when I reach the end of the tutorial at (https://docs.oracle.com/javase/tutorial/security/userperm/kim.html ). Here is the content of the kim.policy file:

keystore "kim.keystore";

grant SignedBy "terry" {

  permission

    HighScorePermission

      "SoccerGame", signedBy "chris";

};

grant SignedBy "chris" {

  permission java.util.PropertyPermission

    "user.home", "read";

  permission java.io.FilePermission

      "${user.home}${/}Downloads/TMP/scoreFile", "read,write";

  permission

    HighScorePermission

      "*", signedBy "chris";

};

The stack trace:

Exception in thread "main" java.lang.SecurityException: class "HighScore"'s signer information does not match signer information of other classes in the same package

        at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1151)

        at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:906)

        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1015)

        at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)

        at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)

        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:732)

        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:727)

        at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)

        at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:740)

        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:642)

        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:600)

        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)

        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)

        at SoccerGame.setHighScore(SoccerGame.java:21)

        at SoccerGame.main(SoccerGame.java:36)

For the sake of simplicity, I have removed all the package names from the source code (i.e. com.gamedev.games) and I renamed the class ExampleGames to SoccerGames. All the respective keys, keystores and certificates where generated according to the tutorial, however, I feel the security exception is due to the fact that jar files in this tutorial is signed by two different signers (according to the tutorial of course).

In addition, when I try to load the kim.policy into policytool, it can not find the class HighScorePermission which is located in terry.jar according to tutorial. From the windows command prompt, I have set the classpath to include the two jar file (terry.jar and hs.jar) in this tutorial.

I have invested a great deal to troubleshoot these two problems, alas reached the end of the rope and hopeless. At this junction, any insights, help or idea will be so great.

Thanks

Comments

rober584812

Hello SmithJohn45.
Try the next commands:

systemctl start oracle-xe-21c
systemctl enable oracle-xe-21c

After running the commands, reboot and test the connection to SQLPLUS.
Regards.

SmithJohn45

thanks @rober584812 but it is already mentioned in guide and off course i executed those commands to start database audomatically.
image.png

rober584812
Answer

@smithjohn45 read and try the next: https://connor-mcdonald.com/2021/09/23/21cxe-post-install-tip/
Regards.

Marked as Answer by SmithJohn45 · Oct 1 2021
1 person found this helpful
SmithJohn45

thanks again, will check it and give you feedback

SmithJohn45

@rober584812 here is my feedback...
this helped me and now I can connect to my PDB.
thanks very much for help :)

SmithJohn45

hi rober584812
it was connected to my PDB but when I restart my CentOS 7 VM now it is not connecting to XEPDB1
i issued 2 ' Alter Pluggable Database ' commands ( as below ) but still failed to connect using sys/ora1234@xepdb1
in my .bash_profile i added following environment variables which can only enable me to run sqlplus, also i have to issue command manually as below to connect to XE (CDB) but this also not allowed me to connect to PDB.
. oraenv
alter commands as per oracle documents:

alter PLUGGABLE DATABASE ALL OPEN;
alter PLUGGABLE DATABASE ALL SAVE STATE;

environment variables:
export ORACLE_BASE=/opt/oracle/
export LD_LIBRARY_PATH=$ORACLE_BASE/product/21c/dbhomeXE/lib
export ORACLE_HOME=$ORACLE_BASE/product/21c/dbhomeXE
export PATH=$ORACLE_BASE/product/21c/dbhomeXE/bin:$PATH
export PATH=/usr/bin:$PATH
export ORACLE_SID=XE
this is same problem i am facing in 18c XE. please help to connect and start Apex 21 + ORDS 21 installation and development.
regards
Is it necessary to issue , oraenv command ? what about if i add it in .bash_profile but will this accept XE as parameter in that file?

rober584812

Hello SmithJohn45 , check if the listener is running.

cd <oracle_home>/bin
lsnrctl status

After, if the listener status is OK, try the following command:
system/password@localhost.localdomain:1521/XEPDB1
The order . oraenv is necessary.
Regards.

1 person found this helpful
SmithJohn45

yeah, i can connnect using ezconnect syntax. but as mentioned earlier, i am confused as i want to install Apex & ORDS, how I can configure to use it both " . oraenv " and ezconnect syntax without every time manually interact when logout and login, machine restart etc. and same for production environment?
regards

rober584812

Hello @smithjohn45 , the important thing is that the listener is working, if the listener is in the OK state, you will be able to access the Oracle XE instance without problems; Regarding the installation of APEX with ORDS, using "oraenv" will be required during the installation process, you can configure ORDS in autorun or standalone mode.
Regards.

1 - 9

Post Details

Added on Aug 4 2020
#other-security-apis-tools-and-issues
0 comments
402 views