This discussion is archived
2 Replies Latest reply: Feb 15, 2012 8:45 PM by 917826 RSS

AccessControlException in JavaSE update 29

917826 Newbie
Currently Being Moderated
I have a qustion about Critical Patch Updates in JavaSE update 29.

I created a web application to access web Server using ssh.
And I made options to anual certificate check by next source.

HttpsURLConnection httpsconnection = (HttpsURLConnection) url.openConnection();

KeyManager[] km = null;
+TrustManager[] tm = { new X509TrustManager() {+
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+throws CertificateException {+
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+throws CertificateException {+
+public X509Certificate[] getAcceptedIssuers() {+
return null;
+} };+

SSLContext sslcontext = null;
+try {+
sslcontext = SSLContext.getInstance(config.getProtocol());
sslcontext.init(km, tm, null);

This function ran in JavaSE update 27,
but It threw error in JavaSE update 29 with stacktrace.

--- access denied (java.lang.RuntimePermission setFactory)
 +at java.lang.SecurityManager.checkPermission(
 +at java.lang.SecurityManager.checkSetFactory(

Is this error a effect of CPU, CVE-2011-3560?
Is that correct to add the server policy "Runtime Permission setFactory"?



  • Correct Answers - 10 points
  • Helpful Answers - 5 points