This discussion is archived
4 Replies Latest reply: Apr 4, 2012 1:02 AM by gimbal2 RSS

How can I change java.policy at runtim?

928159 Newbie
Currently Being Moderated
Hi,

I have to change java.policy to launch my application through webstart to provide one RuntimePermission "permission java.lang.RuntimePermission "getClassLoader";"
Its because of a bug in java bug "_http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366_"

So, my problem here is, how can I do this dynamically on each client machine's java.policy.

I have spent time on this and found some alternatives

1. Specifying an Additional Policy File at Runtime by launching application *"java -Djava.security.manager -Djava.security.policy=someURL SomeApp"*
Please refer more on this "_http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html_"

But, here the problem is, how can I do this using webstart (expert.jnlp) file even though I have the "java-vm-args" tag, its not supporting this argument.
Please refer "_http://docs.oracle.com/javase/6/docs/technotes/guides/javaws/developersguide/syntax.html#security_";

2. Implementing the Policy in code.
But, not sure how to do this..

How can I grant the runtime permission on every user's machine dynamycally?

Please suggest me if you have any other solutions for this problem.


Please help on this.


Thanks in advance :)

Edited by: 925156 on Apr 3, 2012 5:38 AM

Edited by: 925156 on Apr 3, 2012 5:38 AM
  • 1. Re: How can I change java.policy at runtim?
    gimbal2 Guru
    Currently Being Moderated
    If you could do that, whats the whole point of this file? Whats to stop anyone and everyone from just completely opening up all permissions all the time? Wouldn't it be a huge security hole if what you are asking for were possible?

    Btw let me fix the link for you:

    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366

    "closed, not a defect". Apparently the Java engineers don't agree with you when calling this a bug. In stead of looking for a way around it, perhaps you should search for the actual reason why you get a security permission error to begin with and try to fix it at the root?
  • 2. Re: How can I change java.policy at runtim?
    sabre150 Expert
    Currently Being Moderated
    Points -

    1) If any Java program could change the policy file it is using then any Java program could modify the policy file so that it granted permission for it to do any anything. Result - an open sandbox and therefore no security.

    2) The bug report is very very old, 9 odd years, and was last reported when using JRE 1.5.0_11 and Weblogic 10.0.1.0 and was not classed as a bug anyway. JRE 1.5 is well past it's end of life. Are you still using 1.5 and are you using Weblogic?

    3) You don't give any details of how you know you are experiencing this 'bug', what JRE you are using, what platform you are working on etc etc etc. I'm not convinced you have the problem you think you have. Can you produce a Webstart SSCCE that demonstrates the problem? Given this information and an SSCCE someone may then be able to suggest a solution.
  • 3. Re: How can I change java.policy at runtim?
    928159 Newbie
    Currently Being Moderated
    Hi,

    Thankyou very much for your reply :)

    Here are some background details on this:

    I am using java6 and weblogic 10.3.3.

    Here is thing that I tried,

    My application downloads a few jars to the client machines using java webstart and then it will get the initial context using the t3 protocal. The jars include wlclient.jar and ojdbc6.jar initially.

    The problem here I was facing, when I tried request a bean, it is giving me the following exception in the client logs.It is requesting one state less session bean and I checked the server logs as well and the bean has returned the expected values properly.

    But here I observed one more thing, before this request, one session bean(state less) has been requested successfully.


    java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:
    org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
    at com.sun.corba.se.impl.javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
    at javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
    at com.mbt.expert.server.util._ServerDBQueryObjectRemote_Stub.getExchangeList(Unknown Source)
    at com.mbt.expert.util.DBQueryObject.getExchangeList(DBQueryObject.java:419)
    at com.mbt.expert.view.dialogs.OpenExchangeDialog.actionPerformed(OpenExchangeDialog.java:425)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.Dialog$1.run(Unknown Source)
    at java.awt.Dialog$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Dialog.show(Unknown Source)
    at com.mbt.expert.view.dialogs.OpenExchangeDialog.displayDialog(OpenExchangeDialog.java:606)
    at com.mbt.expert.mdi.actions.OpenExchangeAction.execute(OpenExchangeAction.java:204)
    at com.mbt.mdi.MDICommand.actionPerformed(MDICommand.java:47)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
    at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$000(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.awt.EventQueue$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.awt.EventQueue$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
    at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
    ... 80 more


    The same is working in some other machine which are in different network. So, I have replaced the wlclient.jar with the wlthint3client.jar.


    After replacing this jar I was getting the below exception in client logs while requesting a state less session bean.I also checked whether the request is reaching the server (bean) or not, but its not reaching the server.The problem is same at all the machines irrespective of the networks.

    java.lang.AssertionError: Failed to generate class for com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub
         at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:797)
         at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:786)
         at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
         at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:213)
         at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
         at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
         at java.io.ObjectInputStream.readObject0(Unknown Source)
         at java.io.ObjectInputStream.readObject(Unknown Source)
         at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:197)
         at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:598)
         at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:193)
         at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:62)
         at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:240)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
         at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
         at weblogic.jndi.internal.ServerNamingNode_1033_WLStub.lookup(Unknown Source)
         at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
         at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
         at javax.naming.InitialContext.lookup(Unknown Source)
         at com.mbt.expert.mdi.ExpertVariable.getLoginSession(ExpertVariable.java:455)
         at com.mbt.expert.view.dialogs.Login.okPressed(Login.java:187)
         at com.mbt.expert.view.dialogs.Login.keyPressed(Login.java:141)
         at java.awt.Component.processKeyEvent(Unknown Source)
         at javax.swing.JComponent.processKeyEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
         at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
         at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown Source)
         at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown Source)
         at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Window.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
         at java.awt.Dialog$1.run(Unknown Source)
         at java.awt.event.InvocationEvent.dispatch(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
         at java.lang.reflect.Constructor.newInstance(Unknown Source)
         at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:795)
         ... 55 more
    Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
         at weblogic.utils.classloaders.AugmentableClassLoaderManager.getAugmentableClassLoader(AugmentableClassLoaderManager.java:48)
         at weblogic.rmi.internal.ClientRuntimeDescriptor.findLoader(ClientRuntimeDescriptor.java:254)
         at weblogic.rmi.internal.ClientRuntimeDescriptor.getInterfaces(ClientRuntimeDescriptor.java:132)
         at weblogic.rmi.internal.StubInfo.getInterfaces(StubInfo.java:77)
         at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.ensureInitialized(Unknown Source)
         at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.<init>(Unknown Source)
         ... 60 more


    I have tried one more thing, I have taken all the required jars to one of the client machines and executed the main class (by setting the required class path) from cmd using java instead of javaws. Surprisingly, its working fine with out any problem using the wlthint3client.jar.

    I also tried the same, by placing wlclient.jar using java in the same way(from cmd instead of javaws ), but I was facing the same exception while requesting the second session bean and found the same above exception in client logs.



    To resolve this, I come across the java bug that I have given earlier "_http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4809366_".

    In that page, I found a work around for this; suggested by bea to add the Runtime permission "*permission java.lang.RuntimePermission "getClassLoader";*" to the clients java.policy

    So, please suggest me a way to resolve this problem.

    Thanks in advance :)
  • 4. Re: How can I change java.policy at runtim?
    gimbal2 Guru
    Currently Being Moderated
    satish wrote:
    In that page, I found a work around for this; suggested by bea to add the Runtime permission "*permission java.lang.RuntimePermission "getClassLoader";*" to the clients java.policy

    So, please suggest me a way to resolve this problem.
    Listen to them. And in the mean time, ask the question in the Weblogic forum where you should have asked it to begin with.

    https://forums.oracle.com/forums/category.jspa?categoryID=193

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points