Java Security

Getting security exception

Anthony747, Aug 4 2020 — edited Aug 4 2020

Hi,

I am new to Java and learning Java security. Following the Java documentation tutorial (https://docs.oracle.com/javase/tutorial/security/userperm/index.html) on creating a special permission, I get a java.lang.SecurityException when I reach the end of the tutorial at (https://docs.oracle.com/javase/tutorial/security/userperm/kim.html). Here is the content of the kim.policy file:

keystore "kim.keystore";

grant SignedBy "terry" {
  permission HighScorePermission
      "SoccerGame", signedBy "chris";
};

grant SignedBy "chris" {
  permission java.util.PropertyPermission
      "user.home", "read";
  permission java.io.FilePermission
      "${user.home}${/}Downloads/TMP/scoreFile", "read,write";
  permission HighScorePermission
      "*", signedBy "chris";
};

The stack trace:

Exception in thread "main" java.lang.SecurityException: class "HighScore"'s signer information does not match signer information of other classes in the same package
        at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1151)
        at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:906)
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1015)
        at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)
        at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:821)
        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:732)
        at java.base/jdk.internal.loader.BuiltinClassLoader$4.run(BuiltinClassLoader.java:727)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
        at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:740)
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:642)
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:600)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
        at SoccerGame.setHighScore(SoccerGame.java:21)
        at SoccerGame.main(SoccerGame.java:36)

For the sake of simplicity, I have removed all the package names from the source code (i.e. com.gamedev.games) and I renamed the class ExampleGames to SoccerGames. All the respective keys, keystores and certificates were generated according to the tutorial; however, I feel the security exception is due to the fact that the jar files in this tutorial are signed by two different signers (according to the tutorial, of course).

In addition, when I try to load kim.policy into policytool, it cannot find the class HighScorePermission, which is located in terry.jar according to the tutorial. From the Windows command prompt, I have set the classpath to include the two jar files (terry.jar and hs.jar) in this tutorial.

I have invested a great deal to troubleshoot these two problems, but alas I have reached the end of my rope and am hopeless. At this juncture, any insights, help or ideas would be great.

Thanks
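
Added example (not part of the original post or the Oracle tutorial): the check named at the top of the stack trace, ClassLoader.checkCerts, requires all classes that a class loader defines in one package to carry the same signer certificates, and classes with no package declaration all share the unnamed package. The sketch below lists packages whose classes are signed differently across the jars passed on the command line; the class name PackageSignerCheck is hypothetical, and signers are compared by certificate subject name as a simplification.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
// Hypothetical helper: reports packages whose classes carry different signers.
public class PackageSignerCheck {
    // Subject names of the signers of one entry (empty set = unsigned).
    // Simplification: the class loader compares certificates, not names.
    static Set<String> signersOf(JarFile jar, JarEntry entry) throws Exception {
        // Signers are only available after the entry has been read to the end.
        try (InputStream in = jar.getInputStream(entry)) {
            in.readAllBytes();
        }
        Set<String> names = new TreeSet<>();
        CodeSigner[] signers = entry.getCodeSigners();
        if (signers == null) return names;
        for (CodeSigner s : signers) {
            X509Certificate cert =
                (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
            names.add(cert.getSubjectX500Principal().getName());
        }
        return names;
    }
    public static void main(String[] args) throws Exception {
        // package -> (signer set -> first class seen with that signer set)
        Map<String, Map<Set<String>, String>> byPackage = new TreeMap<>();
        for (String path : args) {
            try (JarFile jar = new JarFile(path, true)) { // true: verify signatures
                for (JarEntry e : Collections.list(jar.entries())) {
                    String n = e.getName();
                    if (!n.endsWith(".class") || n.startsWith("META-INF/")) continue;
                    int slash = n.lastIndexOf('/');
                    String pkg = slash < 0 ? "(unnamed package)"
                                           : n.substring(0, slash).replace('/', '.');
                    byPackage.computeIfAbsent(pkg, k -> new HashMap<>())
                             .putIfAbsent(signersOf(jar, e), path + "!/" + n);
                }
            }
        }
        byPackage.forEach((pkg, groups) -> {
            if (groups.size() < 2) return; // one signer set: consistent
            System.out.println("Mixed signers in " + pkg + ":");
            groups.forEach((who, cls) -> System.out.println(
                "  " + (who.isEmpty() ? "[unsigned]" : who) + "  e.g. " + cls));
        });
    }
}
```

It can be run with the single-file launcher on JDK 11 or later, for example: java PackageSignerCheck.java terry.jar hs.jar. No output means every package found in the jars has a single, consistent signer set.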
