[jboss-user] [Security & JAAS/JBoss] - EJB & java web start application security issue

michalzel do-not-reply at jboss.com
Tue Oct 10 11:09:59 EDT 2006


I made java application which performs access to EJB(3.0) remote component. To have classes dynamicly loaded from server I put:

  | URL policyResource = Main.class.getResource ("/client.policy");
  | System.setProperty("java.security.policy",policyResource.toString ());
  | System.setSecurityManager (new RMISecurityManager ());
  | Thread.currentThread ().setContextClassLoader (RMIClassLoader.getClassLoader (""));	
I grant all permisions to client and application works fine.
When I run it from a web start I got:

  | (some AWT stuff)
  | Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
  | 	at java.security.AccessControlContext.checkPermission(Unknown Source)
  | 	at java.security.AccessController.checkPermission(Unknown Source)
  | 	at java.lang.SecurityManager.checkPermission(Unknown Source)
  | 	at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
  | 	at java.lang.Class.checkMemberAccess(Unknown Source)
  | 	at java.lang.Class.getDeclaredMethods(Unknown Source)
  | 	at org.jboss.aop.util.MethodHashing.getInterfaceHashes(MethodHashing.java:150)
  | 	at org.jboss.aop.util.MethodHashing.calculateHash(MethodHashing.java:219)
  | 	at org.jboss.ejb3.ProxyUtils.<clinit>(ProxyUtils.java:65)
  | 	... 44 more
  | Exception in thread "AWT-EventQueue-0" java.lang.NoClassDefFoundError
  | 	at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:79)
  | 	at $Proxy0.findData(Unknown Source)
  | 	at fetching.EJBRowSetDataFetcher.refreshData(EJBRowSetDataFetcher.java:63)
I signed all jars and put following:

  | <security>
  |    <all-permissions/>
  | </security> 
In jnlp file. What may be the cause?
Sorry if it is wrong forum, but I found it the closest to exception message.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977268#3977268

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3977268

More information about the jboss-user mailing list