AW: Webstart security problem

Mueller-Schramm, Gerd gerd.mueller-schramm at hexagongeospatial.com
Mon Nov 7 09:34:18 UTC 2016


I've tried to set java.security.debug via Java Control Panel but it seems to have no effect for Webstart. Printing out all system properties in the Java Console shows that it isn't set at all. But I've set trace level to 5 an got the following output - sorry for the German parts of the output :-) :

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Program Files (x86)\Mozilla Firefox\basename" "read")
	at java.security.AccessControlContext.checkPermission(java.base at 9-ea/AccessControlContext.java:468)
	at java.security.AccessController.checkPermission(java.base at 9-ea/AccessController.java:894)
	at java.lang.SecurityManager.checkPermission(java.base at 9-ea/SecurityManager.java:548)
	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(jdk.javaws at 9-ea/JavaWebStartSecurity.java:225)
	at java.lang.SecurityManager.checkRead(java.base at 9-ea/SecurityManager.java:887)
	at java.io.File.isDirectory(java.base at 9-ea/File.java:845)
	at java.io.File.toURI(java.base at 9-ea/File.java:733)
	at com.sun.org.apache.xml.internal.resolver.helpers.FileURL.makeURL(java.xml at 9-ea/FileURL.java:85)
	at com.sun.org.apache.xml.internal.resolver.Catalog.parseCatalogFile(java.xml at 9-ea/Catalog.java:821)
	at com.sun.org.apache.xml.internal.resolver.Catalog.parsePendingCatalogs(java.xml at 9-ea/Catalog.java:760)
	at com.sun.org.apache.xml.internal.resolver.Catalog.parseCatalog(java.xml at 9-ea/Catalog.java:608)
	at com.sun.org.apache.xml.internal.resolver.Catalog.loadSystemCatalogs(java.xml at 9-ea/Catalog.java:583)
	at com.sun.org.apache.xml.internal.resolver.CatalogManager.getPrivateCatalog(java.xml at 9-ea/CatalogManager.java:727)
	at com.sun.org.apache.xml.internal.resolver.CatalogManager.getCatalog(java.xml at 9-ea/CatalogManager.java:754)
	at com.sun.xml.internal.ws.util.xml.XmlUtil.createDefaultCatalogResolver(java.xml.ws at 9-ea/XmlUtil.java:314)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.createCatalogResolver(java.xml.ws at 9-ea/WSServiceDelegate.java:363)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(java.xml.ws at 9-ea/WSServiceDelegate.java:349)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:307)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:216)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:197)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:193)
	at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(java.xml.ws at 9-ea/ProviderImpl.java:104)
	at javax.xml.ws.Service.<init>(java.xml.ws at 9-ea/Service.java:77)
	at com.intergraph.services.emea._2011._03.authorization.AuthorizationService_Service.<init>(AuthorizationService_Service.java:58)
	at simplewebstart.Main.main(Main.java:23)
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base at 9-ea/Native Method)
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base at 9-ea/NativeMethodAccessorImpl.java:62)
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base at 9-ea/DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(java.base at 9-ea/Method.java:535)
	at com.sun.javaws.Launcher.executeApplication(jdk.javaws at 9-ea/Launcher.java:1738)
	at com.sun.javaws.Launcher.executeMainClass(jdk.javaws at 9-ea/Launcher.java:1673)
	at com.sun.javaws.Launcher.doLaunchApp(jdk.javaws at 9-ea/Launcher.java:1521)
	at com.sun.javaws.Launcher.run(jdk.javaws at 9-ea/Launcher.java:157)
	at java.lang.Thread.run(java.base at 9-ea/Thread.java:843)
Traceebene auf 5 (alle) setzen... abgeschlossen.network: Cacheeintrag nicht gefunden [URL: http://127.0.0.1/GMSC/Authorization.svc?wsdl, Version: null]
network: Verbindung von http://127.0.0.1/GMSC/Authorization.svc?wsdl mit Proxy=DIRECT wird hergestellt
cache: http://127.0.0.1/GMSC/Authorization.svc?wsdl is not cacheable.
network: Cacheeintrag nicht gefunden [URL: http://127.0.0.1/GMSC/Authorization.svc?wsdl=wsdl0, Version: null]
network: Verbindung von http://127.0.0.1/GMSC/Authorization.svc?wsdl=wsdl0 mit Proxy=DIRECT wird hergestellt
cache: http://127.0.0.1/GMSC/Authorization.svc?wsdl=wsdl0 is not cacheable.
network: Cacheeintrag nicht gefunden [URL: http://127.0.0.1/GMSC/Authorization.svc?wsdl, Version: null]
network: Verbindung von http://127.0.0.1/GMSC/Authorization.svc?wsdl mit Proxy=DIRECT wird hergestellt
cache: http://127.0.0.1/GMSC/Authorization.svc?wsdl is not cacheable.
java.lang.reflect.InvocationTargetException
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base at 9-ea/Native Method)
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base at 9-ea/NativeMethodAccessorImpl.java:62)
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base at 9-ea/DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(java.base at 9-ea/Method.java:535)
	at com.sun.javaws.Launcher.executeApplication(jdk.javaws at 9-ea/Launcher.java:1738)
	at com.sun.javaws.Launcher.executeMainClass(jdk.javaws at 9-ea/Launcher.java:1673)
	at com.sun.javaws.Launcher.doLaunchApp(jdk.javaws at 9-ea/Launcher.java:1521)
	at com.sun.javaws.Launcher.run(jdk.javaws at 9-ea/Launcher.java:157)
	at java.lang.Thread.run(java.base at 9-ea/Thread.java:843)
Caused by: java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
	at java.security.AccessControlContext.checkPermission(java.base at 9-ea/AccessControlContext.java:468)
	at java.security.AccessController.checkPermission(java.base at 9-ea/AccessController.java:894)
	at java.lang.SecurityManager.checkPermission(java.base at 9-ea/SecurityManager.java:548)
	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(jdk.javaws at 9-ea/JavaWebStartSecurity.java:225)
	at java.net.ProxySelector.getDefault(java.base at 9-ea/ProxySelector.java:96)
	at com.sun.xml.internal.ws.api.EndpointAddress$1.run(java.xml.ws at 9-ea/EndpointAddress.java:159)
	at com.sun.xml.internal.ws.api.EndpointAddress$1.run(java.xml.ws at 9-ea/EndpointAddress.java:156)
	at java.security.AccessController.doPrivileged(java.base at 9-ea/Native Method)
	at com.sun.xml.internal.ws.api.EndpointAddress.chooseProxy(java.xml.ws at 9-ea/EndpointAddress.java:155)
	at com.sun.xml.internal.ws.api.EndpointAddress.<init>(java.xml.ws at 9-ea/EndpointAddress.java:119)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parsePort(java.xml.ws at 9-ea/RuntimeWSDLParser.java:516)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parseService(java.xml.ws at 9-ea/RuntimeWSDLParser.java:484)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(java.xml.ws at 9-ea/RuntimeWSDLParser.java:462)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:234)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:194)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:163)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(java.xml.ws at 9-ea/WSServiceDelegate.java:349)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:307)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:216)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:197)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:193)
	at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(java.xml.ws at 9-ea/ProviderImpl.java:104)
	at javax.xml.ws.Service.<init>(java.xml.ws at 9-ea/Service.java:77)
	at com.intergraph.services.emea._2011._03.authorization.AuthorizationService_Service.<init>(AuthorizationService_Service.java:58)
	at simplewebstart.Main.main(Main.java:23)
	... 9 more
#### Java Web Start Error:
#### access denied ("java.net.NetPermission" "getProxySelector")
java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
	at java.security.AccessControlContext.checkPermission(java.base at 9-ea/AccessControlContext.java:468)
	at java.security.AccessController.checkPermission(java.base at 9-ea/AccessController.java:894)
	at java.lang.SecurityManager.checkPermission(java.base at 9-ea/SecurityManager.java:548)
	at com.sun.javaws.security.JavaWebStartSecurity.checkPermission(jdk.javaws at 9-ea/JavaWebStartSecurity.java:225)
	at java.net.ProxySelector.getDefault(java.base at 9-ea/ProxySelector.java:96)
	at com.sun.xml.internal.ws.api.EndpointAddress$1.run(java.xml.ws at 9-ea/EndpointAddress.java:159)
	at com.sun.xml.internal.ws.api.EndpointAddress$1.run(java.xml.ws at 9-ea/EndpointAddress.java:156)
	at java.security.AccessController.doPrivileged(java.base at 9-ea/Native Method)
	at com.sun.xml.internal.ws.api.EndpointAddress.chooseProxy(java.xml.ws at 9-ea/EndpointAddress.java:155)
	at com.sun.xml.internal.ws.api.EndpointAddress.<init>(java.xml.ws at 9-ea/EndpointAddress.java:119)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parsePort(java.xml.ws at 9-ea/RuntimeWSDLParser.java:516)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parseService(java.xml.ws at 9-ea/RuntimeWSDLParser.java:484)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(java.xml.ws at 9-ea/RuntimeWSDLParser.java:462)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:234)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:194)
	at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(java.xml.ws at 9-ea/RuntimeWSDLParser.java:163)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(java.xml.ws at 9-ea/WSServiceDelegate.java:349)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:307)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:216)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:197)
	at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(java.xml.ws at 9-ea/WSServiceDelegate.java:193)
	at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(java.xml.ws at 9-ea/ProviderImpl.java:104)
	at javax.xml.ws.Service.<init>(java.xml.ws at 9-ea/Service.java:77)
	at com.intergraph.services.emea._2011._03.authorization.AuthorizationService_Service.<init>(AuthorizationService_Service.java:58)
	at simplewebstart.Main.main(Main.java:23)
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base at 9-ea/Native Method)
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base at 9-ea/NativeMethodAccessorImpl.java:62)
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base at 9-ea/DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(java.base at 9-ea/Method.java:535)
	at com.sun.javaws.Launcher.executeApplication(jdk.javaws at 9-ea/Launcher.java:1738)
	at com.sun.javaws.Launcher.executeMainClass(jdk.javaws at 9-ea/Launcher.java:1673)
	at com.sun.javaws.Launcher.doLaunchApp(jdk.javaws at 9-ea/Launcher.java:1521)
	at com.sun.javaws.Launcher.run(jdk.javaws at 9-ea/Launcher.java:157)
	at java.lang.Thread.run(java.base at 9-ea/Thread.java:843)
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key OK
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key OK
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Details

Gerd Müller-Schramm 
Software Developer, GeoMedia Smart Client Kommunal
T: +49 341 92 60 30 47 
E: gerd.mueller at hexagongeospatial.com

Hexagon Geospatial
Wittenberger Straße 15B
04129 Leipzig, Germany
hexagongeospatial.com


-----Ursprüngliche Nachricht-----
Von: Alan Bateman [mailto:Alan.Bateman at oracle.com] 
Gesendet: Sonntag, 6. November 2016 20:54
An: Wang Weijun <weijun.wang at oracle.com>; Mueller-Schramm, Gerd <gerd.mueller-schramm at hexagongeospatial.com>
Cc: jdk9-dev <jdk9-dev at openjdk.java.net>
Betreff: Re: Webstart security problem

On 06/11/2016 01:46, Wang Weijun wrote:

> :
>> Has each module it's own classloader?
> There are 2 class loaders loading JDK classes now, the boot loader loading modules like java.base etc, the platform loader loading some other modules (see http://hg.openjdk.java.net/jdk9/dev/file/e41be20156e6/make/common/Modules.gmk#l47).
>
> The platform modules do not always have AllPermission.
>
Right, and I think more of the stack trace will be needed to diagnose this. In particular the java.xml.ws module was mentioned in the original message so it would be good to see where it is in the stack as this could be missing doPrivileged, maybe in a callback and so is restricted by the limited permissions that the java.xml.ws module has been granted.

-Alan



More information about the jdk9-dev mailing list