3

I am using JRE7. I have signed the jar file using jarsigner. But still I get the exception

java.security.AccessControlException: access denied ("java.io.FilePermission" 
    "C:\Program Files\Java\jre7\lib\ext\Cert.P12" "read")

I am trying to read the Cert.P12 stored in that directory.

I generated certificate using keytool and signed the jar. When the browser prompted me i accepted the certificate. Is it because it is not a real certificate I am getting this error?

This code to read the file is an applet code.

http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html mentions that if it is signed the error will vanish. But it did not for me.

Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
Satish
  • 170
  • 3
  • 12

3 Answers3

1

It's permissions problem, I think its not about if it is or it is not a real certificate (I don't know). Your certificate is saved at C:\Program Files.... Make sure that you have read permissions in that directory. Windows Parental Control is probably blocking your access to the certificate file.

For your own security, sometimes Windows blocks applications access to C:\Program Files\... folders and it requires Administrator privileges to access to them. Maybe, you have to set administrator privileges to your JRE in your server, running it as administrator.

DaGLiMiOuX
  • 889
  • 9
  • 28
  • I have not tried but when deployed in internet I cannot expect users to run JRE as adminstrator. So even if it works it does not help. – Satish May 16 '13 at 14:54
  • @Satish Well, from now this is out of my knowledge about how to run JRE at client side, etc., because I've never used it. But If you can check and verify if JRE is running, you can't check that if your users have runned it with administrator permissions? And if your application is executing JRE, if they don't have it running, you will have to force them to execute it. Then, I think that you can run it with administrator permissions. If they are running it without administrator permissions, close JRE and re-run it with administrator permissions. – DaGLiMiOuX May 16 '13 at 15:04
0

Did you grant the permission to the signature you applied? A signature by itself means nothing to Java's Security Manager. You'll also need a valid certificate with which to validate the signature, and it needs to be "trusted" by the system...

Toby Eggitt
  • 1,806
  • 19
  • 24
  • I got the window "do you trust to run". I clicked "Run". It is equivalent to trusting the certificate I believe. Am I Wrong? – Satish May 16 '13 at 14:38
  • *"Am I Wrong?"* No, your understanding is correct. When you click 'OK/Run' the applet should have all the permissions it is ever going to get. – Andrew Thompson May 16 '13 at 14:40
0

If, even after signing the applet, you still get a SecurityException, try running the code as privileged code: 

AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        // perform the security-sensitive operation here
        return null;
    }
});
Satish
  • 170
  • 3
  • 12
  • it's true but bring another problem - generate inner class in bytecode and then apllet throws `java.lang.SecurityException: class "Main$1"'s signer information does not match signer information of other classes in the same package` the problem exists after: `jar cvf Main.jar Main.class Main$1.class; jarsigner Main.jar certalias` – Sławomir Lenart Nov 05 '13 at 15:25