Login/Register
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
Asked Answered
javaoraclesecurityapplet
E

3

7

Till morning everything working fine in my applet. I took Java update and everything stopped. I'm dealing with digital certificate using applet. Here is my stack trace. I followed some oracle article but didn't work.

https://blogs.oracle.com/java-platform-group/entry/liveconnect_changes_in_7u45 http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#trusted_library http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html

Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\vicky.thakor

java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
    at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:755)
    at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:62)
    at java.security.KeyStore.load(Unknown Source)
    at SecurityApplet.initializeBrowserKeyStore(SecurityApplet.java:162)
    at SecurityApplet.isCertificateInstalled(SecurityApplet.java:268)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.Trampoline.invoke(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

.java.policy file I'm creating in public void init() method of applet. Its before accessing anything in applet.

grant
{
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.PropertyPermission "user.home", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "*";
};

Update: 18th Nov, 2013

Its not working even if using code signing certificate

enter image description here

Environs answered 16/10, 2013 at 11:15 Comment(4)
I also followed stackoverflow threads but nothing is working...Environs
I signed my certificate with .pfx file and verified it. But its not working...Environs
@AndrewThompson I signed my applet with code signing certificate issued by Thawte but still its not working. Check update question.Environs
Looks like you are calling your applet from JavaScript. The JavaScript wont be signed (out of FireFox 2...), so wont be trusted.Addington
W
1

I cannot comment yet so am putting this as an answer instead.

  1. I believe creating the .java.policy file in your applet will be too late - the plugin will have already started up and read the policy files before running any of your code.

  2. You could sign your applet and use a jnlp file to assign permissions in the security element

Whereof answered 18/10, 2013 at 13:59 Comment(1)
I signed applet and set permission attribute in MANIFEST.MF file but not working.Environs
V
1

I know it's pretty late to answer here, but adding my solution as I had a tough time with this:

My Issue: While deploying an application (a WAR file) that has dependencies on Bouncy Castle libraries, I faced this issue: `

cannot create instance of
org.bouncycastle.jcajce.provider.digest.GOST3411$Mappings
 java.security.AccessControlException: access denied
("java.security.SecurityPermission"
"putProviderProperty.BC")

`

Here is what I did and it worked for me: Go to: {Installed JDK path}\jre\lib\security\ Open the file java.policy

Add permission: permission java.security.SecurityPermission "putProviderProperty.BC";

Restart the programs to load the changes.

I am yet to understand how exactly this works or if it is safe to just change java.policy file like this (still looking for other ways to achieve such a configuration).

Do take precautions with such a change. More at Oracle's doc

Valencia answered 22/10, 2019 at 17:53 Comment(0)
L
0

Issue:

java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)

It is because we needs permission to access file system resources, but an unsigned applet is denied this permission by default. So, to overcome this, the applet must be signed.

Simply you need to signed your applet jar file.

Signed jar file

Lette answered 6/12, 2019 at 7:25 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.