java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" ":")

Question

I'm trying to use Java to talk to the ibm connections API through urlConnection with the following code

String url = "https://example.com";
URL myUrl = new URL(url);
URLConnection urlCon = myUrl.openConnection();
urlCon.setRequestProperty("Method", "GET");
urlCon.addRequestProperty("Authorization", this.getBasicAuthCredentials());
urlCon.setConnectTimeout(5000);

System.out.println(urlCon.getContentType());
System.out.println(urlCon.getContent());

it work's fine if the content-type is text/html for example but give's me the follwing error if the content-type is image /png

image/png
 java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" "*:*")
    at java.security.AccessController.throwACE(AccessController.java:157)
    at java.security.AccessController.checkPermissionHelper(AccessController.java:217)
    at java.security.AccessController.checkPermission(AccessController.java:349)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:562)
    at lotus.notes.AgentSecurityManager.checkPermission(Unknown Source)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:62)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:91)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:96)
    at sun.net.www.content.image.png.getContent(png.java:48)
    at java.net.URLConnection.getContent(URLConnection.java:763)

I already modified the java.policy to allow everything but that did not help

EDIT: in the first run of the Notes Agent after a server restart I get the following error:

Agent error: java.security.policy: error adding Permission, java.net.URLPermission: java.lang.NullPointerException

So you are running this from a notes agent? Does the signer have enough rights? — umeli, Mar 27 '20 at 08:21
@umeli yes i'm running this from a notes agent. I even signed the application with the server id and chose the "Allow restricted operations with full administration rights" option in the Security tab of the properties in the agent. — baier-uniko, Mar 28 '20 at 10:45
The null pointer error makes me think you've probably got a typo or a bad character in your modification to the policy file. — Richard Schwartz, Mar 29 '20 at 15:58
Have you tried with "grant { permission java.security.AllPermission };" policy? — umeli, Mar 30 '20 at 07:44

score 0 · Answer 1 · answered Apr 19 '22 at 11:14

I got the same problem with an Applet. I fixed it by adding this line:

permission java.security.AllPermission;

to the file /usr/lib/jvm/jdk1.8.0_261/jre/lib/security/java.policy. There are other settings just for the network, if you don't want to allow it too much, which can be a security problem, for example if an Applet can access the local filesystem, in case someone still runs Applets, or other unstrusted Java code.

java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" "*:*")

1 Answers1

java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" ":")