----- Original Message -----
Sent: Friday, December 19, 2003 11:07
AM
Subject: Re: When is
java.lang.SecurityException Thrown ??
Jeff & Others
The problem which I am facing I think is
regarding to the Security policies.
What happens with the Client Code is its getting
an exception from the instatiation of a Service Object. But this happens only
in the SOLARIS. I have put my server code and client code on Solaris v
8.0
I tried the following simple code to test whether
its actually coming from the Service instatiation.
import
org.apache.axis.client.Service;
public class
TestClient
{
public static
void main(String args[])
{
Service ser = new Service();
}
}
Then also I got the same
exception
Exception in thread "main"
java.lang.SecurityException: Prohibited package name:
java.lang.reflect
at
java.lang.Throwable.fillInStackTrace(Native
Method)
at
java.lang.Throwable.fillInStackTrace(Compiled
Code)
at
java.lang.Throwable.<init>(Compiled
Code)
at
java.lang.Exception.<init>(Exception.java:42)
at
java.lang.RuntimeException.<init>(RuntimeException.java:47)
at
java.lang.SecurityException.<init>(SecurityException.java:39)
at
java.lang.ClassLoader.defineClass(ClassLoader.java:485)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:110)
at java.net.URLClassLoader.defineClass(Compiled
Code)
at
java.net.URLClassLoader.access$1(Compiled
Code)
at
java.net.URLClassLoader$1.run(Compiled
Code)
at
java.security.AccessController.doPrivileged(Native
Method)
at
java.security.AccessController.doPrivileged(Compiled
Code)
at
java.net.URLClassLoader.findClass(Compiled
Code)
at
java.lang.ClassLoader.loadClass(Compiled
Code)
at
sun.misc.Launcher$AppClassLoader.loadClass(Compiled
Code)
at
java.lang.ClassLoader.loadClass(Compiled
Code)
at
java.lang.ClassLoader.loadClassInternal(Compiled
Code)
at
TestClient.main(TestClient.java:7)
Later I looked the source code of the
Service.java file, I found that its importing the
classes
import
java.lang.reflect.Constructor;
import
java.lang.reflect.Proxy;
Constructor and Proxy from
java.lang.reflect;
Does any one know Why the exception happens
from the Service ? And if any one know abt the Security policies to be
considerd in Solaris. Please tell.
Thanks & Regards
Dhanush
----- Original Message -----
Sent: Thursday, December 18, 2003 8:22
PM
Subject: Re: When is
java.lang.SecurityException Thrown ??
These comments are rather speculative and not
reflective of much expertise in this area
1. Turn on some logging (or look in the
logs that already exist) to see where the exception is thrown.
2. Most likely, to use the client code
you will need to set up a security policy that permits access to the
reflection package.
3. Most likely, things are more
restricted on Solaris because some default policy forbids use of that
package, and you have to override it. Reflection has some degree of
danger because it can break encapsulation.
4. Doing the override of the security
policy is sensible if you understand how your code uses reflection and know
that it won't endanger the security of the client application or the machine
in general. If the use of reflection is happening inside
third-party code you should try to understand it before opening things
up, particularly if there are strong security requirements on the machine
for other reasons. Under these circumstances, you may not be allowed
by either administrators or file permissions to change the security
policy. On such a machine, some kind of security audit of your code
would probably be necessary in order for the policy to be altered so it
could run.
5. If you change the security policy,
you should make the changes as small as possible to let your client run, and
scope them as narrowly as possible to prevent other less well-intentioned
programs from benefitting.
Jeff
----- Original Message -----
Sent: Thursday, December 18, 2003
5:30 AM
Subject: When is
java.lang.SecurityException Thrown ??
Hi All
When I am running my client code I am getting
an Exception called
java.lang.Security Exception :
Prohibited package name java.lang.reflect
Any Idea When this is thrown ?
**************************************************************
Scanned
by eScan Content-Security and Anti-Virus Software.
Visit
http://www.mwti.net for more info on eScan and
MailScan.
**************************************************************
**************************************************************
Scanned
by eScan Content-Security and Anti-Virus Software.
Visit
http://www.mwti.net for more info on eScan and
MailScan.
**************************************************************
*********************************************************
Disclaimer
This
message (including any attachments) contains
confidential information
intended for a specific
individual and purpose, and is protected by law.
If you are not the intended recipient, you should
delete this message
and are hereby notified that
any disclosure, copying, or distribution of
this
message, or the taking of any action based on it,
is strictly
prohibited.
*********************************************************
Visit
us at
http://www.mahindrabt.com
**************************************************************
Scanned
by eScan Content-Security and Anti-Virus Software.
Visit
http://www.mwti.net for more info on eScan and
MailScan.
**************************************************************
