I have a simple applet that doesn't stray outside the sandbox. It used to work fine before Java 7 but now it craps out with security warnings. It does nothing but play a game, it doesn't even save the state of the game. This is the applet, it's a very simple chess program.
The warnings and popups I'm getting are:
activate javaTM platform SE 7U?allow now?activation blocked by security settings - I never changed any security settings and as I said, this applet stays firmly in the sandbox so I can't see what the issue is.Viewing the java error window I see
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
User home directory = C:UsersMike
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
[code]....
why it shows the C:UsersMike directory in the above listing, there is no access to files etc.The applet plays fine if I run it in appletviewer.What do I need to do to make this simply work in anyone's browser? I have a similar problem with a (rather funky) Connect 4 program I wrote. It worked fine for years and then just stopped with the Java 7.
I have tried running the java application without adding the site to site list in java security tab. But I get a sand box message as APPLICATION BLOCKED BY SECURITY SETTINGS. How to run the java application without adding the site to site list in java security tab.
The error I get is as follows...When the page is loaded I get the following error: java.lang.SecurityException: class "com.myPackage. test.client. TaskApplet" does not match trust level of other classes in the same package
I know that Servlets are meant to do the JDBC tasks, JSP are only for displaying the final information forwarded by the Servlet.
JSP are Servlets too, but I heard an idea that it is safer to make database operations in a Servlet.
The idea is that I have a few JSP that use JSTL tags to retrieve some database information. By doing this I was concerned that this may be bad design, though I really wanted to get in fit with the JSTL tags.
Are there any security weaknesses if doing some JDBC stuff in a JSP, by using JSTL or plain Java code in <%...%>?
P.S. In my JSP I only retrieve data, not modifying it.
I have JSP application naming myProject ,which has been deployed in webapp folder in tomcat. I want to provide security for myProject folder. I mean, I want to protect it from copying by someone else. Is there any way to do the same. I tried by hiding the folder using one of hiding software, but when I do that, I was not able to access those files in web browser.
But when i try to open it i get the message: Application Blocked. Click for details.
- The list i see doesn't work - If i click Ignore nothing happens - If i click reload nothing happens
When i read and search the net i have to change my java security settings. The security setting are HIGH and i cannot change that.But i can fill in an Exception Site List...The hello.html file is on my NAS : file:///X:/Lantronix/hello.html..I fill this in the exception Site list -> I get a message that it is a security risk to add this location.
I've been building out a course lab project over the last few weeks, and at the time (with what we knew), it made sense to use a session level ResourceBundle to facilitate translations.
In order to validate if there is a session level ResourceBundle, I have a filter running (checking if the bundle exists, creating one if not, etc...).
The problem I now have is the final step of the project (the part most recently taught), is to add Declarative Security.
Of course, when that happens the login.jsp is called and the Filter doesn't run. It's not a problem for most scenarios, except for someone who bookmarks a link inside the secure part of the site. Then, the ResourceBundle doesn't exist and the login.jsp content that should be translated is "".
Is there a way to indicate via the web.xml that a specific Filter should be allowed before the login.jsp is displayed?
I imagine JSTL:FMT is probably the best solution, but we don't cover that until after the lab is due. I have a (messy) short-term solution of creating a temporary ResourceBundle in the login.jsp via a scriplet if the session scope ResourceBundle is null, but I was wondering if I missed something with the web.xml.
I am using AES/CBC/PKCS5Padding algorithm to encrypt/decrypt, it works fine across machines, since i am not using a Facrtory to create the secret . I am using constant SecretKeySpec and iv for the ciphers. This of course heart the security , and doesn't prevent the "man of the middle" problem .
I saw that there are ways with key generation with MAC , and RSA symmetric encryption , but i am not sure how to implement it , and how to it depends on local certificates or files .
I have an FX application which invokes a REST JSON webservice. It works perfect if I run it standalone. But if I try to run it over browser, it throws java security exception.
It also works fine in web if I comment some lines that invokes the webservice (code that calls the webservice using jackson.)
Java version used is JDK 1.7u67 IE plugin version : 7.0.670.1
Error log : java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source)
I have several Windows 7 Enterprise machines that have already been deployed via image and need to lower the security settings for use on internal web based applications.
Is there an easy way to manipulate the configuration (a file) so that I may simply make the changes by overwriting the current configuration settings instead of, having to go to each device, opening the Java console, and changing the security settings that way?
I have attempted to login as the machine administration, make the changes on the Java console with the hopes this configuration would have migrated to all user profiles that log into the PC. Is there a "public profile" configuration file I can change and if so, what should I do.
I need to write a simple client to access a WS. Things I can not do :
Modify the serverAdd external jars
The client will be part of a command line call and will run as a stand alone.
I've been searching all day and have found hundreds of vague, overly complex examples, mostly based on SOAPHandler (which tells me I need to install server components which I cannot do). I grasp the general requirements but am having difficulty figuring out how to add the security elements to the header.
What do I need to do to add the username and password tokens to the header?
I have been trying to implement a alphanumeric security code in JAVA. Here are my specifications:
1) Numbers and letters 2) There is user input 3) In the format of NNN-LL-NNNN where N=Numbers and L=UPPERCASE letters 4) If it is incorrect print out INVALID CODE 5) If it is correct print out VALID CODE
Here is what I have produced so far...
import java.util.*; import java.io.*; //Class Declaration class WorkingWithStrings { //Main Method public static void main(String[] args) { //Takes input from user
[Code]...
I have taking the approach of invoking a separate method that will check the validity of the security code. However I am having an issue with creating a statement that checks if the middle two characters of the security code are capital letters. This could possibly tie in with my understanding of strings.
I have to validate security number based on tHIS REQUEST
If the SECURITYNNUBER IS INVALID UNDER THE SECURITYNUMBER attribute,it must reject(Date & algorith). To override the normal validation,the subject must contain INVALIDSECURITYNUMBER. The incorrect ID number must still reflect in the SECURITYNUMBER attribute.
THE FIRST 6 DIGIT IS DATE
EXAMPLE 7701205334086
public boolean val_SECURITYNUMBER() { boolean flag = true; String u_Securtynr = transactionFile.getS_securtynumber(); // 1. Invalid securty number if completed if(!isBlank(u_Securtynr))
I have been trying to find all day long a way to secure my .ear file from modifications made by third parties... My product is packaged as an .ear file which i send for deployment to other administrators. What i am looking for is a way to "sign" my version of .ear versus the deployed version of .ear to be sure that no modification has been made to my code...
I have followed the Java tutorial on JAAS Authentication and Authorization. All the sample code in the tutorials works fine also when running under a security manager. Now I am trying to modify the LoginModule class, so that it uses a password file to look up users and passwords, but as soon as I try to run the code under a security manager, I get a Security Exception. I suppose it has something to do with the code havent been granted any access to read the password file? So I tried to add this to the policy file:
grant codebase "file:./sample/module/-" { permission java.io.FilePermission "sample/module/passwords.txt", "read"; };
It didn't do any difference. why I get this Security Exception?
The only difference from my code to the tutorial code, is that I have added the lines:
I am working on an Eclipse based project that uses WTP Eclipse plugin. Since I have switched security on in that plugin (by checking "Enable Security" check box on) I'm having multiple problems. I get a stack of security errors - attached in this post. I also show my java.policy file. Because the of the mass exceptions I list only the top, although I have attached a docx file with full thing.
Here is my java.policy file:
grant codeBase "file:${catalina.base}/wtpwebapps/App/WEB-INF/lib/hibernate-core-4.3.5.Final.jar" { permission java.util.PropertyPermission "*", "read, write"; }; grant codeBase "file:${catalina.home}/lib/catalina.jar" { permission java.lang.RuntimePermission "*";
[Code] ....
Exceptions:
15/08/2014 10:12:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:Javajdk1.6.0_33in;C:WINDOWSSunJavain; C:WINDOWSsystem32;C:WINDOWS;
this is what I clobbered together for the O'Reilly Java 2 Course, final assignment. There may well be several issues still with this code, my main grief at the moment is: The mouseReleased does not react (it did in the assignment I lifted it from and made only minor changes). No matter where I click on the grid, nothing happens.
I do not think this is possible, but I'd like to confirm. If I have an HTML page that has an embedded Java applet, and that applet in turn renders an HTML document (within the applet window), is the HTML *within* the applet part of / accessible through the DOM for the parent page?
We are using an applet in our web application. The applet of our application is dependent on bouncycastle jar,bcprov-jdk15.jar and few other jar's whose size comes around 4 mb. When using the appliaction on jre7, the applet is taking too long time to load than usual time. Is there any way to place these jar's in client machine? Will it improve the performance? Is there any other way to reduce the loading time of applet apart from placing jars in client machine?
I'm developing an Applet that print a bar code using Jpos API. I need some jars and two configuration file. I've added jars to the classpath and configuration files in src directory. In Eclipse everything works fine.
DefaultProperties prop = new DefaultProperties(); prop.loadJposProperties(); SimpleXmlRegPopulator xmlReg = new SimpleXmlRegPopulator(); xmlReg.load(wincor.jpos17.THxxx.xml");
Everything works fine in Eclispe but I can't find property files when i call the applet from a web page. So I've checked the JavaPos sources and I've paste the loadJposProperties() and xmlReg.load("wincor.jpos17.THxxx.xml") content in my source code:
InputStream isD = prop.getClass().getClassLoader().getResourceAsStream(prop.JPOS_PROPERTIES_FILENAME); // (1) content of loadProperties if (isD != null){ System.out.println("jpos/res/jpos.properties found");
[Code] ...
The same method is used to found wincor.jpos17.THxxx.xml. So when I call applet form the browser I get INPUT STREAM FROM PROPERTIES OK!! from (1) and jpos/res/jpos.properties not found from (2).
So getClass().getClassLoader().getResourceAsStream works if i write it directly in my code, but doesn't work if i call a jar method.
I am currently trying to update a few java applets for a website. As of right now, the applets are automatically blocked on all computers when they are accessed because the newest updates for Java have caused them to be blocked. I have determined that the solution to this is to resign the .jar files that are used to run the application with a new certificate.
I requested and received a certificate (in pkcs 12 format, a .p12 file), imported it into the computer, and used it to sign the .jar files. However, I have been getting an error after signing the .jar files stating that the full certificate chain of the code signing certificate is not valid.
I tried to check the path of the certificate using a method he recommended (using OpenSSL) but didn't really find anything of use.
I bought a certificate to sign my jars, if a deploy my applet in a html file with out framework, just html and js, the works great, I can call from javascript all public methods from the applet. The real problem is when I try to deploy the same signed jar on a adf project in Jdeveloper. Does not work at all and java execute some warnings and later applet is block, the message say something like "exist some jars signed and not signed" But I am sure that all jars are signed...