I'm trying to get access to on-line academic journals and I need to run a Java applet downloaded by a library's server. When I try to do this, I get an error message:
Code:
java.security.AccessControlException: access denied
(java.net.SocketPermission appserve.londonlibrary.co.uk resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342
)
at java.security.AccessController.checkPermission(AccessController.java:556)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:550)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1049)
at java.net.InetAddress.getAllByName0(InetAddress.java:1192)
at java.net.InetAddress.getAllByName0(InetAddress.java:1173)
at java.net.InetAddress.getAllByName(InetAddress.java:1120)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
at java.lang.Thread.run(Thread.java:675)
The systems administrator at the Library simply told me I needed to alter my Java security (I'd thought it was their server not accepting me) and someone suggested using
Code:
cat << EOC > $java.policy
grant codeBase "http://appserve.londonlibrary.co.uk" { permission java.security.AllPermission;}
EOC
which was no help at all. I've looked at 10 pages of Google output and taken a brief, appalled glance at the documentation supplied with Java, to no avail. I don't want to learn Java, just to get the damned thing to work. Can anyone explain a simple way of doing this?
I'm using Java 1.7, Firefox 2.0, and Fedora 8.
Not that I can pretend to be knowledgeable on Java (because I hate it with a passion :P) but reading through some of the Sun forums it seems that you need to look in your Java install, then in jre/ext/security/ that is where the java.policy file is.
To find your java.policy file try:
Code:
$ locate java.policy
Or maybe look for the security directory:
Code:
$ locate security | grep ext
Hopefully you can find where to put that java.policy file.
Then!
The suggestion there was to do either grant all permissions (unsecure therefore):
Code:
grant {
permission java.security.AllPermission;
}
Or just for the website:
Code:
grant codeBase "http://the.url.here" {
permission java.security.AllPermission;
}
Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious!
Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.
This is the sort of thing that always deters me from recommending Linux [img]<___base_url___>/uploads/emoticons/default_mad.gif[/img]
Quote:Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious!
Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.
This is the sort of thing that always deters me from recommending Linux [img]<___base_url___>/uploads/emoticons/default_mad.gif[/img]
Hrmm, I can't directly think of anything that is wrong there but a suggestion would be to use JRE 1.6 instead of 1.7.
To install do this:
- Download the Java from Sun's download site.
http://www.java.com/en/download/index.jsp (Choose the Linux RPM version)
- Open a terminal and become root, then:
Code:
sh jre-6u5-linux-i586.bin
Answer yes, then it will go ahead and install Java. Finally you need to link in your java plugin.
Do:
Code:
locate libjavaplugin_oji
That should show something with the "1.6.0_05" it in path. Use that to link into your firefox:
Code:
ln -s thefullpathto/libjavaplugin_oji.so /usr/lib/mozilla/plugins
Then open up your java and have a go. You might need to find and edit the java.policy file again this time the 1.6 policy file instead of the 1.7 one!
I can fully understand your annoyance with this sort of thing. I have found that java either works perfectly first time or is a real challenge to work (which is why I said I hated it in the first place :)).
Tell us how you get on.
Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!
Quote:Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!
I guess you already figured it out, but in your case I would disable selinux ( in my point of view thats whats causing the blocking )
Code:
sed -i 's/=enabled/=disabled/g' /etc/sysconfig/selinux
and
Code:
sed -i 's/SELINUXTYPE=targeted/#SELINUXTYPE=targeted/' /etc/sysconfig/selinux
or manually edit /etc/sysconfig/selinux.
P.S. a reboot is required after modifying /etc/sysconfig/selinux.