问题
We use applet on our application login page. Applet contains 2 classes. Jar is signed (ca certificate). Manifest file contains: "Trusted-Library: true.
It works for most of the users but some of them have problems with applet because JVM report Security Exception: Attempted to to open a sandboxed jar as a Trusted-Library.
Have you any idea why it wont work for them?
For exaple User1 has Java Plug-in 10.21.2.11 JRE version 1.7.0_21-b11 Java HotSpot(TM) Client VM. He try Firefox 21 and IE 8.0.6001.18702.
JVM report General Exception:
basic: Plugin2ClassLoader.addURL parent called for
https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar
basic: Plugin2ClassLoader.addURL parent called for
https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
security: Blacklist revocation check is enabled
security: blacklist: created: NEED_LOAD, lastModified: 1374827364000
security: blacklist: hasBeenModifiedSince 1374827396921 (we have 1374827364000)
security: Trusted libraries list check is enabled
security: blacklist: hasBeenModifiedSince 1374827583375 (we have 1374827364000)
network: Cache entry found [url: https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar, version: null] prevalidated=false/0
cache: Adding MemoryCache entry: https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar
cache: Resource https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar has expired.
network: Connecting https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar with proxy=DIRECT
security: blacklist: hasBeenModifiedSince 1374827435937 (we have 1374827364000)
security: blacklist: hasBeenModifiedSince 1374827390640 (we have 1374827364000)
security: blacklist: hasBeenModifiedSince 1374827583375 (we have 1374827364000)
network: CleanupThread used 268961 us
network: Connecting http://www.sod.pfron.org.pl:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files\Java\jre1.7.0_21\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Documents and Settings\Marek\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Documents and Settings\Marek\Dane aplikacji\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Check if certificate can be verified using certificates in Root CA certificate store
security: Certificate to be verified:
[
<.....>
]
security: Certificate has been verified with Root CA certificates successfully
security: Invalid certificate from HTTPS server
basic: Dialog type is not candidate for embedding
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
network: ResponseCode for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : 304
network: Encoding for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : null
network: Disconnect connection to https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar
cache: Reading Signers from 3935 https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar | C:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\60\6283407c-46587e7d.idx
cache: Done readSigners(https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar)
cache: Read manifest for https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar: read=273 full=273
basic: Plugin2ClassLoader.isTrustedByPolicy called
basic: Plugin2ClassLoader.isTrustedByPolicy returns false
security: resource name "pl/computerland/sod/prezentacja/klient/cienki/applet/JavaVersion.class" in https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
security: resource name "pl/computerland/sod/prezentacja/klient/cienki/applet/JavaVersion.class" in https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar : java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
basic: exception: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library.
java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
basic: exception: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library.
java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.SecurityException: attempted to open sandboxed jar https://www.sod.pfron.org.pl/_applet/Logowanie_8.32.2.48.jar as a Trusted-Library
basic: Dialog type is not candidate for embedding
basic: Dialog type is not candidate for embedding
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@5dcf43
security: Reset deny session certificate store
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@1b93cf8
security: Reset deny session certificate store
回答1:
We have a similar problem. For us the issue was that the jre\lib\security\java.policy file on the client machine was modified with the addition of:
grant {
permission java.security.AllPermission;
};
If this was removed the error disappeared. Also in our test the error disappeared if we removed Trusted-Library: true, but that is not really an option considering the new Java applet rules.
We've also posted the information here https://forums.oracle.com/message/11238296#11238296 but with no reply for now.
来源:https://stackoverflow.com/questions/18142230/some-users-gets-security-exception-attempted-to-to-open-a-sandboxed-jar-as-a-tr