Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How do I alter Java security settings?
#1

I'm trying to get access to on-line academic journals and I need to run a Java applet downloaded by a library's server. When I try to do this, I get an error message:

 



Code:
java.security.AccessControlException: access denied
(java.net.SocketPermission appserve.londonlibrary.co.uk resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342
)
at java.security.AccessController.checkPermission(AccessController.java:556)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:550)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1049)
at java.net.InetAddress.getAllByName0(InetAddress.java:1192)
at java.net.InetAddress.getAllByName0(InetAddress.java:1173)
at java.net.InetAddress.getAllByName(InetAddress.java:1120)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
at java.lang.Thread.run(Thread.java:675)




 

The systems administrator at the Library simply told me I needed to alter my Java security (I'd thought it was their server not accepting me) and someone suggested using

 



Code:
cat << EOC  > $java.policy
grant codeBase "http://appserve.londonlibrary.co.uk" { permission java.security.AllPermission;}
EOC




 

which was no help at all. I've looked at 10 pages of Google output and taken a brief, appalled glance at the documentation supplied with Java, to no avail. I don't want to learn Java, just to get the damned thing to work. Can anyone explain a simple way of doing this?

 

I'm using Java 1.7, Firefox 2.0, and Fedora 8.

Reply
#2

Not that I can pretend to be knowledgeable on Java (because I hate it with a passion :P) but reading through some of the Sun forums it seems that you need to look in your Java install, then in jre/ext/security/ that is where the java.policy file is.

 

To find your java.policy file try:



Code:
$ locate java.policy




 

Or maybe look for the security directory:



Code:
$ locate security | grep ext




 

Hopefully you can find where to put that java.policy file.

 

Then!

 

The suggestion there was to do either grant all permissions (unsecure therefore):



Code:
grant {
permission java.security.AllPermission;
}




 

Or just for the website:



Code:
grant codeBase "http://the.url.here" {
permission java.security.AllPermission;
}




Reply
#3

Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious!

 

Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.

 

This is the sort of thing that always deters me from recommending Linux [img]<___base_url___>/uploads/emoticons/default_mad.gif[/img]

Reply
#4

Quote:Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious! 

Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.

 

This is the sort of thing that always deters me from recommending Linux [img]<___base_url___>/uploads/emoticons/default_mad.gif[/img]
 

Hrmm, I can't directly think of anything that is wrong there but a suggestion would be to use JRE 1.6 instead of 1.7.

 

To install do this:

 

- Download the Java from Sun's download site. http://www.java.com/en/download/index.jsp (Choose the Linux RPM version)

 

- Open a terminal and become root, then:



Code:
sh jre-6u5-linux-i586.bin




 

Answer yes, then it will go ahead and install Java. Finally you need to link in your java plugin.

 

Do:



Code:
locate libjavaplugin_oji




 

That should show something with the "1.6.0_05" it in path. Use that to link into your firefox:



Code:
ln -s thefullpathto/libjavaplugin_oji.so /usr/lib/mozilla/plugins




 

Then open up your java and have a go. You might need to find and edit the java.policy file again this time the 1.6 policy file instead of the 1.7 one!

 

I can fully understand your annoyance with this sort of thing. I have found that java either works perfectly first time or is a real challenge to work (which is why I said I hated it in the first place :)).

 

Tell us how you get on.

Reply
#5
Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!
Reply
#6

Quote:Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!
 

I guess you already figured it out, but in your case I would disable selinux ( in my point of view thats whats causing the blocking )

 



Code:
sed -i 's/=enabled/=disabled/g' /etc/sysconfig/selinux




and

 



Code:
sed -i 's/SELINUXTYPE=targeted/#SELINUXTYPE=targeted/' /etc/sysconfig/selinux




 

or manually edit /etc/sysconfig/selinux.

 

P.S. a reboot is required after modifying /etc/sysconfig/selinux.

Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)