2 Replies. Latest reply: Feb 15, 2012 8:45 PM by 917826

AccessControlException in JavaSE update 29

917826 Newbie
Hi.
I have a question about Critical Patch Updates in JavaSE update 29.

I created a web application to access a web server using ssh.
And I made options for a manual certificate check with the following source.

---
HttpsURLConnection httpsconnection = (HttpsURLConnection) url.openConnection();

KeyManager[] km = null;
// Trust manager with empty check methods: every certificate chain is accepted.
TrustManager[] tm = { new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] arg0, String arg1)
            throws CertificateException {
    }
    public void checkServerTrusted(X509Certificate[] arg0, String arg1)
            throws CertificateException {
    }
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
} };

SSLContext sslcontext = null;

try {
    sslcontext = SSLContext.getInstance(config.getProtocol());

    sslcontext.init(km, tm, null);
    // This call throws the AccessControlException shown below on update 29.
    httpsconnection.setSSLSocketFactory(sslcontext.getSocketFactory());
    httpsconnection.connect();

    // ::: (rest omitted in the original post)
---

This function ran in JavaSE update 27,
but it threw an error in JavaSE update 29 with this stack trace.

---
java.security.AccessControlException: access denied (java.lang.RuntimePermission setFactory)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
 at java.security.AccessController.checkPermission(AccessController.java:546)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
 at java.lang.SecurityManager.checkSetFactory(SecurityManager.java:1612)
 at javax.net.ssl.HttpsURLConnection.setSSLSocketFactory(HttpsURLConnection.java:356)
---

Is this error an effect of the CPU, CVE-2011-3560?
Is it correct to add the server policy "Runtime Permission setFactory"?

Regards.
