Fixing the security exception : "class /"" + packageName + "/" does not match trust level of other classes in the same package"

最近遇到了这样的一个问题,一个JWS程序,在JRE1.6.0_13上运行没有问题,但是在JRE1.6.0_22上运行就会报出如下异常,

 

java.lang.SecurityException: class “org.apache.log4j.Logger” does not match trust level of other classes in the same package

 

1. 在oracle网站发现一个说明,

http://download.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html

 

在update19以后会有这个问题。

 

2. 在stackoverflow问了下,http://stackoverflow.com/questions/4680823/java-lang-securityexception-class-org-apache-log4j-logger-does-not-match-trust

 

原因是extension的JNLP没有指定security,加上后解决。

 

3. 开java console的debug,

 

We can see more detail information by enabling the debug info of java console by adding following statement in the deployment.properties under “D:/Documents and Settings/login/Application Data/Sun/Java/Deployment”, the directory varies with your PC. For more detail, refer to http://download.oracle.com/javase/1.5.0/docs/guide/deployment/deployment-guide/properties.html

 

deployment.trace.level=all

 

After enabling this option, we can see much much more info in the java console, which will benefit our debugging a lot. Here is a fragment of the debugging info (before JNLP files change).

 

security: JAVAWS AppPolicy Permission requested for: https://localhost/jars/log4j-1.2.12.jar

security: Add sandbox permissions

security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/jfreechart-1.0.0.jar

security: Add sandbox permissions

security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/sessierstub.jar

security: Istrusted: https:// localhost /a.jnlp true

security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/libsmmon.jar

security: Istrusted: https:// localhost /b.jnlp true

security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/libamv.jar

security: Istrusted: https:// localhost /b.jnlp true

security: resource name "org/apache/log4j/Logger.class" in https:// localhost /jars/log4j-1.2.12.jar : java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package


4. The relationship between the security configuration and the jar signature status is shown in following table.

 

<security>

       <all-permissions/>

</security -->

< !-- security>

       <all-permissions/>

</security -->

Signed jar file

basic: Main-class: Jar1

cache:  Read manifest for http://localhost:8080/T/jar1_mix.jar: read=347 full=347

security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar

security: Istrusted: http://localhost:8080/T/test.jnlp true

security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar

security: Istrusted: http://localhost:8080/T/test.jnlp true

network: Connecting socket://127.0.0.1:1964 with proxy=DIRECT

I am in org.apache.log 1

 

hello

basic: Main-class: Jar1

security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar

security: Add sandbox permissions

security: resource name "Jar1.class" in http://localhost:8080/T/jar1_mix.jar : java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/T/jar1_mix.jar as a Trusted-Library

#### Java Web Start Error:

#### attempted to open sandboxed jar http://localhost:8080/T/jar1_mix.jar as a Trusted-Library

Unsigned jar file

#### Java Web Start Error:

#### Found unsigned entry in resource: http://localhost:8080/T/jar1.jar

basic: Main-class: Jar1

cache: Reading Signers from 0 http://localhost:8080/T/jar1.jar | D:/Documents and Settings/hosun/Application Data/Sun/Java/Deployment/cache/6.0/51/26f984b3-48893e42.idx

network: No certificate info for unsigned JAR file: http://localhost:8080/T/jar1.jar

network: No certificate info for unsigned JAR file: http://localhost:8080/T/jar1.jar

cache:  Read manifest for http://localhost:8080/T/jar1.jar: read=63 full=63

security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1.jar

security: Add sandbox permissions

security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1.jar

security: Add sandbox permissions

network: Connecting socket://127.0.0.1:1931 with proxy=DIRECT

I am in org.apache.log 1

 

hello

 

5. Java console log contents can be saved, make sure the options are enabled(控制面板=>Java=>advanced=>debug). The logs are located in D:/Documents and Settings/login/Application Data/Sun/Java/Deployment/log


6. For more information about JNLP and Java Web Start,

http://mindprod.com/jgloss/javawebstart.html

http://lopica.sourceforge.net/faq.html

http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/faq.html

http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/troubleshooting.03.06.html

http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/contents.html contains the JNLP spec.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 4
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值