Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

"java.security.AccessControlException: access denied" executing a signed Java Applet

Tags:

java

browser

security

applet

accesscontrolexception

I have a little Java Applet and I have an annoying issue. I have signed my JAR with my own keystore using jarsigner tool (following these instructions).

The Java Applet downloads a signed JAR and tries to launch it with an extended class of URLClassLoader. This JAR tries to execute this line of code:

ClassLoader.getSystemClassLoader().getResource("aResource");

It fails with a large stack trace finished by:

Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at java.security.AccessController.checkPermission(AccessController.java:555)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1476)
    at test.SecondJAR.main(SecondJAR.java:8)

(Line 8 of test.SecondJAR corresponds to getResource(...) method

When the Java Applet is launched, the user is prompted to accept the certificate if he/she trusts the publisher:

Message to the user

Even if I accept it, the exception occurred. Even if I install the certificate, and the prompt message is automatically accepted, the exception occurred.

I have tried too this:

AccessController.doPrivileged(new PrivilegedAction<Object>() {
    public Object run() {
        ClassLoader.getSystemClassLoader().getResource("aResource");
        return null;
    }
});

And it fails with the same exception.

Any help would be appreciated!

like image 888
logoff Avatar asked Dec 26 '22 22:12

logoff

1 Answers

Finally I have found the answer!

I followed the guidelines of Andrew Thomson and I created a custom SecurityManager. My little security manager looks like this:

private class MySecurityManager extends SecurityManager {
    @Override
    public void checkPermission(Permission perm) {
        return;
    }
}

It is a neglected security manager that accepts all permissions. It should be improved allowing only getting system ClassLoader in runtime.

To use my ugly SecurityManager I added these lines at the beginning of Java Applet start() method:

SecurityManager sm = new MySecurityManager();
System.setSecurityManager(sm);

With this workaround, all the process worked as expected!

Maybe there exist other (better) solutions, but it worked for me.

Thank you all!

like image 121
logoff Avatar answered May 13 '23 08:05

logoff
Sign in to Comment

Related questions

Generating the report in word format using jasper
Java: why "this( )" is not overriden?
Why can't the java Iterable interface take a generics wildcard? Or: why can't I an overriding iterator() method return an Iterator for a subclass?
Jersey converting from ClientResponse to Response
Why is it necessary to copy the volatile variable instead of using it directly?
about java thread lifetime
Named object not found
Background color of button when using Windows LAF?
is it possible to set the value and access in context.xml in tomcat7 like JNDI?
In ddd practice,Are the CRUD methods should be put in the Model Objects
ActionListener between two classes
Using Akka (with Java) how can I verify that my actor under test is watching another actor?
getClass().getResource("/") returns null in command line
How to make trigonometry code more efficient
GSON deserialization : how to know the objects?
How do I write in a JavaScript prompt message using WebDriver?
JOOQ nested condition
How to add components to JDialog
Moving from one JFrame to another
Dynamically set text in a TextView inside a Layout - Android

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!