Reputation: 3916
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.
https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45 http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#trusted_library http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
at java.security.KeyStore.load(Unknown Source)
at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
.java.policy file I'm creating in public void init() method of applet. Its before accessing anything in applet.
grant
{
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
};
Update: 18th Nov, 2013
Its not working even if using code signing certificate
Upvotes: 7
Views: 24284
Answers (3)
Reputation: 37
Issue:
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
It is because we needs permission to access file system resources, but an unsigned applet is denied this permission by default. So, to overcome this, the applet must be signed.
Simply you need to signed your applet jar file.
Upvotes: 0
Reputation: 1503
I know it's pretty late to answer here, but adding my solution as I had a tough time with this:
My Issue: While deploying an application (a WAR file) that has dependencies on Bouncy Castle libraries, I faced this issue: `
cannot create instance of
org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
java.security.AccessControlException: access denied
("java.security.SecurityPermission"
"putProviderProperty.BC")
`
Here is what I did and it worked for me:
Go to: {Installed JDK path}\jre\lib\security\
Open the file java.policy
Add permission: permission java.security.SecurityPermission "putProviderProperty.BC";
Restart the programs to load the changes.
I am yet to understand how exactly this works or if it is safe to just change java.policy file like this (still looking for other ways to achieve such a configuration).
Do take precautions with such a change. More at Oracle's doc
Upvotes: 1
Reputation: 111
I cannot comment yet so am putting this as an answer instead.
I believe creating the .java.policy file in your applet will be too late - the plugin will have already started up and read the policy files before running any of your code.
You could sign your applet and use a jnlp file to assign permissions in the security element
Upvotes: 1
Related Questions
- java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.pkcs11)
- java.security.NoSuchProviderException: no such provider: SunMSCAPI
- Java applet security error
- "java.security.AccessControlException: access denied" executing a signed Java Applet
- java.security.AccessControlException:
- security: access denied exception in Japplet
- Applet with JDBC - java.security.AccessControlException: access denied
- Java applet is not supporting the Authenticator.setDefault
- Java applet project "java.security.AccessControlException: access denied" error
- Java Applet java.security.AccessControlException?