Geek Answers Handbook

"java.security.AccessControlException: access denied" execution of a signed Java applet

I have a small Java applet and I have an annoying problem. I have signed my JAR with my own keystore using the jarsigner tool (following these instructions ).

The Java applet loads the signed JAR and tries to run it with the extended URLClassLoader class. This JAR tries to execute this line of code:

ClassLoader.getSystemClassLoader().getResource("aResource");

The stack stack trace failed:

 Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366) at java.security.AccessController.checkPermission(AccessController.java:555) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1476) at test.SecondJAR.main(SecondJAR.java:8)

(line 8 of the .SecondJAR test corresponds to the getResource(...) method

When the Java applet is launched, the user is prompted to accept the certificate if he trusts the publisher:

Message to the user

Even if I accept it, an exception has occurred. Even if I install the certificate and the invitation is automatically accepted, an exception has occurred.

I also tried this:

 AccessController.doPrivileged(new PrivilegedAction<Object>() { public Object run() { ClassLoader.getSystemClassLoader().getResource("aResource"); return null; } });

And this is a failure with the same exception.

Any help would be appreciated!

+4
source share
2 answers

Finally, I found the answer!

I followed Andrew Thomson's recommendations and created a custom SecurityManager . My little security manager looks like this:

 private class MySecurityManager extends SecurityManager { @Override public void checkPermission(Permission perm) { return; } }

This is a forgotten security manager who accepts all permissions. It should be improved, allowing to receive only class ClassLoader at runtime.

To use my ugly SecurityManager, I added these lines at the beginning of the Java Applet start() method:

 SecurityManager sm = new MySecurityManager(); System.setSecurityManager(sm);

In this workaround, the whole process worked as expected!

There may be other (better) solutions, but it worked for me.

Thanks everyone!

+8
source

The problem is that the JRE only considers code in the source code base . Two solutions are possible:

  • Define a custom security manager that allows the new code to have the privileges it needs.
  • Wrap the new code in PrivilegedAction and call it from the AccessController.doPrivileged(..) method AccessController.doPrivileged(..) just for me, as an opportunity, Iā€™m not sure, as far as I understand, its area is completely untested).
+2
source

More articles:


All Articles