axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dhanush Gopinath" <dhan...@mahindrabt.com>
Subject Re: When is java.lang.SecurityException Thrown ??
Date Fri, 19 Dec 2003 06:32:24 GMT
Hi All ,
The below mentioned problem is fixed.
It was the conflicting of the Java Versions
I was using 1.3.1 while the Solaris original version was 1.2.2. My mistake. 

Cheers 
Thanks 
Dhanush
  ----- Original Message ----- 
  From: Dhanush Gopinath 
  To: axis-user@ws.apache.org 
  Sent: Friday, December 19, 2003 11:07 AM
  Subject: Re: When is java.lang.SecurityException Thrown ??

  Jeff & Others

  The problem which I am facing I think is regarding to the Security policies.
  What happens with the Client Code is its getting an exception from the instatiation of a
Service Object. But this happens only in the SOLARIS. I have put my server code and client
code on Solaris v 8.0

  I tried the following simple code to test whether its actually coming from the Service instatiation.

  import org.apache.axis.client.Service;

  public class TestClient
  {
          public static void main(String args[])
          {
                  Service ser = new Service();
          }
  }

  Then also I got the same exception

  Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.lang.reflect
          at java.lang.Throwable.fillInStackTrace(Native Method)
          at java.lang.Throwable.fillInStackTrace(Compiled Code)
          at java.lang.Throwable.<init>(Compiled Code)
          at java.lang.Exception.<init>(Exception.java:42)
          at java.lang.RuntimeException.<init>(RuntimeException.java:47)
          at java.lang.SecurityException.<init>(SecurityException.java:39)
          at java.lang.ClassLoader.defineClass(ClassLoader.java:485)
          at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:110)
          at java.net.URLClassLoader.defineClass(Compiled Code)
          at java.net.URLClassLoader.access$1(Compiled Code)
          at java.net.URLClassLoader$1.run(Compiled Code)
          at java.security.AccessController.doPrivileged(Native Method)
          at java.security.AccessController.doPrivileged(Compiled Code)
          at java.net.URLClassLoader.findClass(Compiled Code)
          at java.lang.ClassLoader.loadClass(Compiled Code)
          at sun.misc.Launcher$AppClassLoader.loadClass(Compiled Code)
          at java.lang.ClassLoader.loadClass(Compiled Code)
          at java.lang.ClassLoader.loadClassInternal(Compiled Code)
          at TestClient.main(TestClient.java:7)

  Later I looked the source code of the Service.java file, I found that its importing  the
classes 

  import java.lang.reflect.Constructor;
  import java.lang.reflect.Proxy;

  Constructor and Proxy from java.lang.reflect;

  Does any one know Why the exception happens from the Service ? And if any one know abt the
Security policies to be considerd in Solaris. Please tell.

  Thanks & Regards 
  Dhanush

    ----- Original Message ----- 
    From: Jeff Greif 
    To: axis-user@ws.apache.org 
    Sent: Thursday, December 18, 2003 8:22 PM
    Subject: Re: When is java.lang.SecurityException Thrown ??

    These comments are rather speculative and not reflective of much expertise in this area

    1.  Turn on some logging (or look in the logs that already exist) to see where the exception
is thrown.
    2.  Most likely, to use the client code you will need to set up a security policy that
permits access to the reflection package.
    3.  Most likely, things are more restricted on Solaris because some default policy forbids
use of that package, and you have to override it.  Reflection has some degree of danger because
it can break encapsulation.
    4.  Doing the override of the security policy is sensible if you understand how your code
uses reflection and know that it won't endanger the security of the client application or
the machine in general.  If the use of reflection is happening inside third-party code you
should try to understand it before opening things up, particularly if there are strong security
requirements on the machine for other reasons.  Under these circumstances, you may not be
allowed by either administrators or file permissions to change the security policy.  On such
a machine, some kind of security audit of your code would probably be necessary in order for
the policy to be altered so it could run.
    5.  If you change the security policy, you should make the changes as small as possible
to let your client run, and scope them as narrowly as possible to prevent other less well-intentioned
programs from benefitting.

    Jeff
      ----- Original Message ----- 
      From: Dhanush Gopinath 
      To: axis-user@ws.apache.org 
      Sent: Thursday, December 18, 2003 5:30 AM
      Subject: When is java.lang.SecurityException Thrown ??

      Hi All

      When I am running my client code I am getting an Exception called 

      java.lang.Security Exception : Prohibited package name java.lang.reflect

      Any Idea When this is thrown ?

    **************************************************************
    Scanned by eScan Content-Security and Anti-Virus Software.
    Visit http://www.mwti.net for more info on eScan and MailScan.
    **************************************************************

  **************************************************************
  Scanned by eScan Content-Security and Anti-Virus Software.
  Visit http://www.mwti.net for more info on eScan and MailScan.
  **************************************************************

  *********************************************************
  Disclaimer

  This message (including any attachments) contains 
  confidential information intended for a specific 
  individual and purpose, and is protected by law. 
  If you are not the intended recipient, you should 
  delete this message and are hereby notified that 
  any disclosure, copying, or distribution of this
  message, or the taking of any action based on it, 
  is strictly prohibited.

  *********************************************************
  Visit us at http://www.mahindrabt.com

  **************************************************************
  Scanned by eScan Content-Security and Anti-Virus Software.
  Visit http://www.mwti.net for more info on eScan and MailScan.
  **************************************************************

**************************************************************
Scanned by  eScan  Content-Security  and  Anti-Virus Software.
Visit http://www.mwti.net for more info on eScan and MailScan.
**************************************************************

*********************************************************
Disclaimer

This message (including any attachments) contains 
confidential information intended for a specific 
individual and purpose, and is protected by law. 
If you are not the intended recipient, you should 
delete this message and are hereby notified that 
any disclosure, copying, or distribution of this
message, or the taking of any action based on it, 
is strictly prohibited.

*********************************************************
Visit us at http://www.mahindrabt.com


Mime
View raw message