Jump to content
Sign in to follow this  
DavidMcCann

How do I alter Java security settings?

Recommended Posts

I'm trying to get access to on-line academic journals and I need to run a Java applet downloaded by a library's server. When I try to do this, I get an error message:

 

java.security.AccessControlException: access denied
(java.net.SocketPermission appserve.londonlibrary.co.uk resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342
)
at java.security.AccessController.checkPermission(AccessController.java:556)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:550)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1049)
at java.net.InetAddress.getAllByName0(InetAddress.java:1192)
at java.net.InetAddress.getAllByName0(InetAddress.java:1173)
at java.net.InetAddress.getAllByName(InetAddress.java:1120)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.io.net.ip.s.a(Unknown Source)
at com.citrix.client.module.td.tcp.TCPTransportDriver.t(Unknown Source)
at com.citrix.client.module.td.TransportDriver.run(Unknown Source)
at java.lang.Thread.run(Thread.java:675)

 

The systems administrator at the Library simply told me I needed to alter my Java security (I'd thought it was their server not accepting me) and someone suggested using

 

cat << EOC  > $java.policy
grant codeBase "http://appserve.londonlibrary.co.uk" { permission java.security.AllPermission;}
EOC

 

which was no help at all. I've looked at 10 pages of Google output and taken a brief, appalled glance at the documentation supplied with Java, to no avail. I don't want to learn Java, just to get the damned thing to work. Can anyone explain a simple way of doing this?

 

I'm using Java 1.7, Firefox 2.0, and Fedora 8.

Share this post


Link to post
Share on other sites

Not that I can pretend to be knowledgeable on Java (because I hate it with a passion :P) but reading through some of the Sun forums it seems that you need to look in your Java install, then in jre/ext/security/ that is where the java.policy file is.

 

To find your java.policy file try:

$ locate java.policy

 

Or maybe look for the security directory:

$ locate security | grep ext

 

Hopefully you can find where to put that java.policy file.

 

Then!

 

The suggestion there was to do either grant all permissions (unsecure therefore):

grant {
 permission java.security.AllPermission;
}

 

Or just for the website:

grant codeBase "http://the.url.here" {
 permission java.security.AllPermission;
}

Share this post


Link to post
Share on other sites

Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious!

 

Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.

 

This is the sort of thing that always deters me from recommending Linux :angry:

Share this post


Link to post
Share on other sites
Thanks for the ideas. I found java.policy buried at /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/lib/security/. Very obvious!

 

Adding the permission just for the website had no effect. Adding a blanket permission got rid of the error message, but left me with a blank pop-up window. The error console revealed a fatal error: init is not defined. This looks like a mistake in the applet, but is certainly down to Fedora's Java -- no-one else has reported any serious problems to the library.

 

This is the sort of thing that always deters me from recommending Linux :angry:

 

Hrmm, I can't directly think of anything that is wrong there but a suggestion would be to use JRE 1.6 instead of 1.7.

 

To install do this:

 

- Download the Java from Sun's download site. http://www.java.com/en/download/index.jsp (Choose the Linux RPM version)

 

- Open a terminal and become root, then:

sh jre-6u5-linux-i586.bin

 

Answer yes, then it will go ahead and install Java. Finally you need to link in your java plugin.

 

Do:

locate libjavaplugin_oji

 

That should show something with the "1.6.0_05" it in path. Use that to link into your firefox:

ln -s thefullpathto/libjavaplugin_oji.so /usr/lib/mozilla/plugins

 

Then open up your java and have a go. You might need to find and edit the java.policy file again this time the 1.6 policy file instead of the 1.7 one!

 

I can fully understand your annoyance with this sort of thing. I have found that java either works perfectly first time or is a real challenge to work (which is why I said I hated it in the first place :)).

 

Tell us how you get on.

Share this post


Link to post
Share on other sites

Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!

Share this post


Link to post
Share on other sites
Getting Java from Sun is what I did originally. I carefully followed all their instructions and Java was eventually listed in Firefox's about:plugins window. The checker at Sun reported that Java was correctly installed, but the demo didn't run, and the library server claimed that I didn't even have it. That's why I got the iced-tea version. Fedora's site does report that it still has a few bugs, so it looks like it's a case of reading my journals in the library and waiting in hope for Fedora 9. I did try to report my problems to Fedora, but I couldn't get Bugzilla to work, either!

 

I guess you already figured it out, but in your case I would disable selinux ( in my point of view thats whats causing the blocking )

 

sed -i 's/=enabled/=disabled/g' /etc/sysconfig/selinux

and

 

sed -i 's/SELINUXTYPE=targeted/#SELINUXTYPE=targeted/' /etc/sysconfig/selinux

 

or manually edit /etc/sysconfig/selinux.

 

P.S. a reboot is required after modifying /etc/sysconfig/selinux.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...