java.lang.SecurityException: attempted to open sandboxed jar file:/C:/Users/cecce/AppData/Roaming/JOSM/plugins/jogl/lib/jogl-2.3.2/jogl-all-2.3.2.jar as a Trusted-Library

GitHub | james2432 | 3 months ago
  1. 0

    GitHub comment 59#246661522

    GitHub | 3 months ago | james2432
    java.lang.SecurityException: attempted to open sandboxed jar file:/C:/Users/cecce/AppData/Roaming/JOSM/plugins/jogl/lib/jogl-2.3.2/jogl-all-2.3.2.jar as a Trusted-Library
  2. 0

    FULL PRODUCT VERSION :
    java version "1.8.0_91"
    Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
    Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)

    ADDITIONAL OS VERSION INFORMATION :
    Windows 7 Linux 64 ...

    A DESCRIPTION OF THE PROBLEM :
    Since version 8.1.91 is reported in the download, the part of the libraries are not signed. This happens when log4j. I tried the current 1.2.17 and the older version in 2006. With both an error message Security Exception. With version 8.1.77, the whole works yet.

    REGRESSION. Last worked in version 8u91

    STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
    Use log4j in webstart Application

    ERROR MESSAGES/STACK TRACES THAT OCCUR :
    java.lang.SecurityException: class "org.apache.log4j.helpers.PatternParser$LiteralPatternConverter" does not match trust level of other classes in the same package
        at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:365)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
        at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at org.apache.log4j.PatternLayout.createPatternParser(PatternLayout.java:488)
        at org.apache.log4j.PatternLayout.<init>(PatternLayout.java:438)
        at org.apache.log4j.PatternLayout.<init>(PatternLayout.java:430)
        at de.tmg.dezent2.common.webstart.Webstart.initLog4jDaily(Webstart.java:1517)
        at de.tmg.dezent2.common.webstart.Webstart.<init>(Webstart.java:173)
        at de.tmg.dezent2.common.webstart.Webstart.main(Webstart.java:1085)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745)

    REPRODUCIBILITY :
    This bug can be reproduced always.

    ---------- BEGIN SOURCE ----------
    import org.apache.log4j.PatternLayout;
    PatternLayout layout = new PatternLayout();
    ---------- END SOURCE ----------

    JDK Bug System | 8 months ago | Webbug Group
    java.lang.SecurityException: class "org.apache.log4j.helpers.PatternParser$LiteralPatternConverter" does not match trust level of other classes in the same package
  4. 0

    FULL PRODUCT VERSION :
    Java Web Start 11.91.2.14
    Using JRE version 1.8.0_91-b14 Java HotSpot(TM) Client VM

    ADDITIONAL OS VERSION INFORMATION :
    Appears OS independent. Confirmed on:
    Microsoft Windows [Version 6.1.7601]
    Darwin Kernel Version 15.5.0: Tue Apr 19 18:36:36 PDT 2016; root:xnu-3248.50.21~8/RELEASE_X86_64 x86_64

    A DESCRIPTION OF THE PROBLEM :
    I cannot run a WebStart application containing a signed log4j 1.2.17 jar on 1.8.0_91. Error messages are included below.

    This is the problem reported in JDK-8155901 that the user did not follow up on. I can reproduce and am willing to follow up.

    Like JDK-8155901 I have a signed app that has been working fine for years. All jars in the app are signed and include the RIA security attributes:

        Application-Name: MyApp
        Permissions: all-permissions
        Codebase: *
        Trusted-Only: true

    It still works on 1.8.0_77. It also works on 1.8.0_91 if I downgrade to log4j 1.2.16.

    Speculation follows...

    The two log4j versions mentioned have different OSGI related Manifest entries. The one that does not work includes the DynamicImport-Package: * entry in the following section:

        Name: org.apache.log4j
        DynamicImport-Package: *
        Implementation-Vendor: "Apache Software Foundation"
        Implementation-Title: log4j
        Implementation-Version: 1.2.17

    After being signed (via maven-webstart plugin) the above section ends up midway through the Manifest in amongst the class signatures. Is it possible there's a defect related to the OSGI entry and/or the section ordering?

    REGRESSION. Last worked in version 8u77

    ERROR MESSAGES/STACK TRACES THAT OCCUR :
    With Trusted-Only=false:

    java.lang.ExceptionInInitializerError
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
    Caused by: java.lang.SecurityException: class "org.apache.log4j.spi.RootLogger" does not match trust level of other classes in the same package
        at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at org.apache.log4j.Logger.getLogger(Logger.java:117)
        at com.ibfx.lm.ui.app.Application.<clinit>(Application.java:29)
        ... 9 more

    With Trusted-Only=true:

    java.lang.ExceptionInInitializerError
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
    Caused by: java.lang.SecurityException: Trusted-Only loader attempted to load sandboxed resource from http://192.168.1.11:9090/myapp/app/log4j-1.2.17.jar.pack.gz
        at com.sun.deploy.security.CPCallbackHandler$ParentCallback.check(Unknown Source)
        at com.sun.deploy.security.CPCallbackHandler$ParentCallback.access$1800(Unknown Source)
        at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at org.apache.log4j.Logger.getLogger(Logger.java:117)
        at com.ibfx.lm.ui.app.Application.<clinit>(Application.java:29)
        ... 9 more

    REPRODUCIBILITY :
    This bug can be reproduced always.

    CUSTOMER SUBMITTED WORKAROUND :
    Use log4j 1.2.16.

    JDK Bug System | 6 months ago | Webbug Group
    java.lang.ExceptionInInitializerError
  5. 0

    FULL PRODUCT VERSION :
    java version "1.8.0_91"
    Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
    Java HotSpot(TM) Client VM (build 25.91-b14, mixed mode)

    ADDITIONAL OS VERSION INFORMATION :
    Microsoft Windows [Version 6.3.9600]

    A DESCRIPTION OF THE PROBLEM :
    When launching a simple Web Start application with a dependency on the log4j 1.2.17 library (as can be found on http://mvnrepository.com/artifact/log4j/log4j/1.2.17), with the Web Start application and the log4j library signed with a certificate. We get the "Unable to launch the application." dialog.

    This error happens because of:
    Caused by: java.lang.SecurityException: class "org.apache.log4j.spi.RootLogger" does not match trust level of other classes in the same package.
    See the crash log below for the full stacktrace.

    In our test setup there are only two jars (our own test jar, and the log4j jar).

    REGRESSION. Last worked in version 8u73

    ADDITIONAL REGRESSION INFORMATION:
    java version "1.8.0_73"
    Java(TM) SE Runtime Environment (build 1.8.0_73-b02)
    Java HotSpot(TM) Client VM (build 25.73-b02, mixed mode, sharing)

    STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
    Create a simple Web Start application, with the given source code.
    Create a jar for the source code, sign it, add it to the Web Start deployment.
    Sign the log4j library, and add it to the Web Start deployment.
    Create a simple jnlp file with the two jars as resources.
    Launch the Web Start application.

    EXPECTED VERSUS ACTUAL BEHAVIOR :
    EXPECTED - The Web Start application launches and shows a simple dialog.
    ACTUAL - The Unable to launch the application dialog because of an application error. Details can be found in the error messages / crash logs field.

    ERROR MESSAGES/STACK TRACES THAT OCCUR :
    java.lang.ExceptionInInitializerError
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.SecurityException: class "org.apache.log4j.spi.RootLogger" does not match trust level of other classes in the same package
        at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
        at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:365)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
        at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at org.apache.log4j.Logger.getLogger(Logger.java:117)
        at com.planonsoftware.webstart.Main.<clinit>(Main.java:18)
        ... 9 more

    REPRODUCIBILITY :
    This bug can be reproduced always.

    ---------- BEGIN SOURCE ----------
    // src/com/planonsoftware/webstart/Main.java
    package com.planonsoftware.webstart;

    import javax.swing.*;
    import java.awt.*;

    public class Main {
        public static void main(String[] args) {
            JFrame frame = new JFrame("Webstart test");
            frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
            JLabel label = new JLabel();
            Container content = frame.getContentPane();
            content.add(label, BorderLayout.CENTER);
            String message = "Webstart test";
            label.setText(message);
            frame.pack();
            frame.show();
        }
    }

    // META-INF/MANIFEST.MF
    Manifest-Version: 1.0
    Permissions: all-permissions

    // test.jnlp
    <?xml version="1.0" encoding="UTF-8"?>
    <jnlp spec="1.0+" codebase="http://localhost:8070/webstart_with_logging/">
        <information> ... </information>
        <security>
            <all-permissions/>
        </security>
        <resources>
            <j2se version="1.8*" java-vm-args="-da" initial-heap-size="32m" max-heap-size="700m"/>
            <jar href="test.jar"/>
            <jar href="log4j-1.2.17.jar"/>
        </resources>
        <application-desc main-class="com.planonsoftware.webstart.Main"/>
    </jnlp>
    ---------- END SOURCE ----------

    JDK Bug System | 7 months ago | Webbug Group
    java.lang.ExceptionInInitializerError

    Root Cause Analysis

    1. java.lang.SecurityException

      attempted to open sandboxed jar file:/C:/Users/cecce/AppData/Roaming/JOSM/plugins/jogl/lib/jogl-2.3.2/jogl-all-2.3.2.jar as a Trusted-Library

      at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource()
    2. com.sun.deploy
      DeployURLClassPath.getResource
      1. com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
      2. com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
      3. com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
      4. com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
      4 frames
    3. Java RT
      URLClassLoader.findClass
      1. java.net.URLClassLoader$1.run(Unknown Source)
      2. java.net.URLClassLoader$1.run(Unknown Source)
      3. java.security.AccessController.doPrivileged(Native Method)
      4. java.net.URLClassLoader.findClass(Unknown Source)
      4 frames
    4. com.sun.jnlp
      JNLPClassLoader.findClass
      1. com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
      1 frame
    5. Java RT
      ClassLoader.loadClass
      1. java.lang.ClassLoader.loadClass(Unknown Source)
      1 frame
    6. com.sun.jnlp
      JNLPClassLoader.loadClass
      1. com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
      1 frame
    7. Java RT
      ClassLoader.loadClass
      1. java.lang.ClassLoader.loadClass(Unknown Source)
      1 frame
    8. com.sun.jnlp
      JNLPClassLoader.loadClass
      1. com.sun.jnlp.JNLPClassLoader.loadClass(Unknown Source)
      1 frame
    9. Java RT
      ClassLoader.loadClass
      1. java.lang.ClassLoader.loadClass(Unknown Source)
      2. java.lang.ClassLoader.loadClass(Unknown Source)
      3. java.lang.ClassLoader.defineClass1(Native Method)
      4. java.lang.ClassLoader.defineClass(Unknown Source)
      5. java.security.SecureClassLoader.defineClass(Unknown Source)
      6. java.net.URLClassLoader.defineClass(Unknown Source)
      7. java.net.URLClassLoader.access$100(Unknown Source)
      8. java.net.URLClassLoader$1.run(Unknown Source)
      9. java.net.URLClassLoader$1.run(Unknown Source)
      10. java.security.AccessController.doPrivileged(Native Method)
      11. java.net.URLClassLoader.findClass(Unknown Source)
      12. java.lang.ClassLoader.loadClass(Unknown Source)
      13. java.lang.ClassLoader.loadClass(Unknown Source)
      13 frames
    10. kendzi.josm.kendzi3d
      Kendzi3dModule.configure
      1. kendzi.josm.kendzi3d.module.Kendzi3dModule.configure(Kendzi3dModule.java:108)
      1 frame
    11. Google Guice - Core Library
      Guice.createInjector
      1. com.google.inject.AbstractModule.configure(AbstractModule.java:59)
      2. com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:223)
      3. com.google.inject.spi.Elements.getElements(Elements.java:101)
      4. com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:133)
      5. com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:103)
      6. com.google.inject.Guice.createInjector(Guice.java:95)
      7. com.google.inject.Guice.createInjector(Guice.java:72)
      8. com.google.inject.Guice.createInjector(Guice.java:62)
      8 frames
    12. kendzi.josm.kendzi3d
      Kendzi3DPlugin.<init>
      1. kendzi.josm.kendzi3d.Kendzi3DPlugin.<init>(Kendzi3DPlugin.java:82)
      1 frame
    13. Java RT
      Constructor.newInstance
      1. sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      2. sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      3. sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      4. java.lang.reflect.Constructor.newInstance(Unknown Source)
      4 frames
    14. org.openstreetmap.josm
      MainApplication.main
      1. org.openstreetmap.josm.plugins.PluginInformation.load(PluginInformation.java:327)
      2. org.openstreetmap.josm.plugins.PluginHandler.loadPlugin(PluginHandler.java:706)
      3. org.openstreetmap.josm.plugins.PluginHandler.loadPlugins(PluginHandler.java:758)
      4. org.openstreetmap.josm.plugins.PluginHandler.loadLatePlugins(PluginHandler.java:797)
      5. org.openstreetmap.josm.gui.MainApplication.loadLatePlugins(MainApplication.java:395)
      6. org.openstreetmap.josm.gui.MainApplication.main(MainApplication.java:328)
      6 frames
    15. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      4. java.lang.reflect.Method.invoke(Unknown Source)
      4 frames
    16. com.sun.javaws
      Launcher.run
      1. com.sun.javaws.Launcher.executeApplication(Unknown Source)
      2. com.sun.javaws.Launcher.executeMainClass(Unknown Source)
      3. com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
      4. com.sun.javaws.Launcher.run(Unknown Source)
      4 frames
    17. Java RT
      Thread.run
      1. java.lang.Thread.run(Unknown Source)
      1 frame