70 questions
2 votes, 1 answer, 180 views
Apache HTTP Client 5 throws java.security.AccessControlException, policy file is specified
I'm writing an OpenSearch plugin in Java, using the provided template.
Except for communication with OpenSearch Dashboards, which works fine, I need to implement communication with an external service. ...
1 vote, 0 answers, 134 views
AccessControlException: Access Denied ("java.net.Permission" "getProxySelector") Java Class with okhttp3 library in lotus notes
I'm developing a Java class in an IBM Lotus Domino app; it uses the okhttp3 library:
import java.io.*;
import okhttp3.*;
public class Uploader {
public String Poster(String FileName, String ...
0 votes, 0 answers, 111 views
Geoserver 2.21.4 not deploying with Security Manager on JBoss EAP 7.4.9 when upgrading from Java 8 to Java 11
I am trying to deploy GeoServer 2.21.4 in JBoss EAP 7.4.9 with Java 11. The GeoServer application fails to deploy when Java Security Manager is turned on.
I have been using the same Geoserver/JBoss ...
2 votes, 1 answer, 1k views
How to create java RMI program without SecurityManager as it's deprecated?
As referring to the "Creating and Installing a Security Manager" for oracle's tutorial: https://docs.oracle.com/javase/tutorial/rmi/implementing.html
It mentioned whenever we need to ...
0 votes, 1 answer, 262 views
java.security.policy and RMI - classpath issue
I have an app that uses RMI and works when I have the security policy set to
//
// Allow everything for now
//
permission java.security.AllPermission;
But, when I try to lock it down with the policy ...
0 votes, 1 answer, 296 views
Surefire marks tests as failed when they set SecurityManager
I have some tests that need to check if the main code did a System.exit(...). This works very nicely with suggestions from https://stackoverflow.com/a/309427/1023341. But when running these tests in ...
5 votes, 0 answers, 473 views
RMI class loading from codebase without deprecated SecurityManager?
I'm using RMI to invoke a method that is specified to return an object of class ClassX.
ClassX xObj = remoteObject.meth(...);
If the remote method actually returns an instance of a locally unknown ...
0 votes, 1 answer, 165 views
CustomAuthenticationMechanism obtains none callerGroups after called identityStoreHandler.validate
I am trying to create a custom authentication.
When I
I made a simple identityStore that validates every user as guest with roles AF_ADMIN and AF_USER.
CustomAuthenticationMechanism is called when login ...
1 vote, 0 answers, 160 views
How to doPrivileged in kotlin coroutines?
In Java I can raise privileges by calling java.security.AccessController.doPrivileged().
How can I raise privileges in kotlin coroutines?
Example: When I call the program
import java.security....
5 votes, 1 answer, 9k views
java.security.properties - changes not applied
I try to append security properties to java.security.
Hence I add a property "java.security.properties" specifying the file to be appended.
I checked that security.overridePropertiesFile is ...
1 vote, 1 answer, 241 views
create AmazonHttpClient in a protected environment which does not allow getEnv calls
Switching from version 1.11.700 to 1.11.908 of AWS SDK one of our libraries is now unable to work in a protected environment. More specifically the new SDK version has changed ClientConfiguration so ...
5 votes, 1 answer, 3k views
Memory leak at bouncycastle.jce.provider
I'm running a java (openjdk:11.0.8) application using bouncycastle.jce.provider:
group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.65'
I noticed a memory leak and the dump shows that ...
4 votes, 1 answer, 370 views
When load some class in checkPermission method why SecurityManager emit recursive update exception?
I'm upgrading JDK 8 to 11.
I load some class in the checkPermission method, then the security manager emits a recursive update exception, but using jdk1.8.0_202 everything works fine.
What causes this problem?
My ...
0 votes, 0 answers, 268 views
Java SecurityManager only block reflection invoke and set
I want my SecurityManager to only block invoke for method and set for field reflection. getDeclaredMethods or similar should stay allowed. Is this possible? I want to block change of the security ...
0 votes, 1 answer, 1k views
Permission denied exception when fetching System property "os.arch" when java Security Manager enabled
I have a simple Java application ClientApp which has Java Security Manager enabled.
This application is trying to call method of Test jar which fetches "os.arch" System property. Since it is time ...
0 votes, 1 answer, 720 views
Tomcat9 slow response with security manager in OpenJdk11
We added the -Djava.security.manager parameter in the Java options of tomcat9 to enable the security manager. Tomcat is running without any issue but when I try to perform some operation then it takes 9-10 min ...
1 vote, 1 answer, 1k views
Exception in thread "ContainerBackgroundProcessor[StandardEngine[Tomcat]]" java.lang.NoClassDefFoundError: ch/qos/logback/classic/spi/ThrowableProxy
I get an error when starting my spring-boot application. The exception occurs in combination with the `java security manager`.
Exception in thread "ContainerBackgroundProcessor[StandardEngine[Tomcat]...
3 votes, 0 answers, 409 views
Enforcing Java Security Policy based on signedBy
I'm trying to enforce a security policy, giving Java classes signed by a certain signer certain permissions. My security policy file looks as follows:
// ========== SYSTEM CODE PERMISSIONS =========...
1 vote, 1 answer, 2k views
How can I configure, disable, or override the sbt SecurityManager?
I'm trying to embed Apache Derby into an application. When I run it directly from IntelliJ, everything works fine, but sbt run generates the exception:
Caused by: java.security....
0 votes, 1 answer, 2k views
jars are not loaded with java.security.manager enabled
We are running one spring-boot application, which will download some jars dynamically in the /tmp folder and execute some functions inside those jars.
Now we have enabled java.security.manager and gave ...
1 vote, 1 answer, 3k views
Prevent Java Application from performing malicious activities
I need to download and run a Jar file. Is there a way to know what it can/will do? I mean what permissions it has? Specifically I need to know if it will try to access my files and if it will try to ...
3 votes, 1 answer, 399 views
Is it possible to sandbox just a Runnable
Is it possible to sandbox my Runnable within Java? Given a Runnable, I want the code inside of it (along with whatever threads it spawns) to run in a sandbox that only lets the code access a specific ...
0 votes, 1 answer, 532 views
Java Security Manager (Strange Behavior)
I am testing Java Security Manager in a simple java application.
I write the properties "user.home", "user.info".
I read the properties "user.home", "user.info".
I set a policy file that ALLOWS ...
1 vote, 0 answers, 377 views
Elastic Search AllPermission security manager issue during start
I am running elastic search with non loop-back IP (production mode) on Windows.
To run ES, I am forking it out (elasticsearch.bat) from a Java app using ProcessBuilder.
However, it is giving me ...
1 vote, 1 answer, 369 views
spring properties file behaviour when value not in environment file
We are running on spring boot version 1.5.10
JDK : 1.8.0.52
Our gradle file has the entry
compile group: 'org.springframework.security', name: 'spring-security-web', version: '4.2.3.RELEASE'
We ...