Spec-Zone .ru
спецификации, руководства, описания, API
|
|
Spec-Zone .ru
спецификации, руководства, описания, API
|
java.security.AccessControlExceptionThrown In the Execution ofjava.beans.Introspector.setBeanInfoSearchPath()Method
SymptomsWhen running an applet in a browser by using the Sun JavaTM Runtime Environment (JRETM) implementation, a
java.security.AccessControlExceptionis thrown in the execution of thejava.beans.Introspector.setBeanInfoSearchPath() methodas shown below:
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertiesAccess(Unknown Source)
at java.beans.Introspector.setBeanInfoSearchPath(Unknown Source)
at ....The same applet runs without any error with the Microsoft Virtual Machine (VM).
Cause
The
Introspector.setBeanInfoSearchPath()method call can change the list of package names used for findingBeanInfoclasses. If more than one applet is running in the VM, an untrusted applet could call this method to redirect other applets to look upBeanInfoin unexpected packages. This is a flaw in security.A security check for
java.util.PropertyPermissionis added to Introspector.setBeanInfoSearchPath() method in the JRE to address the security concern. If the applet is unsigned and it calls this method, ajava.security.AccessControlExceptionis thrown.Resolution
To fix the above causes:
- Sign the applet by using the Java Development Kit (JDK)
jarsignertool, so that the applet runs as a trusted applet and has permissions to call theIntrospector.setBeanInfoSearchPath()method.- Rearchitect the applet code to avoid the call to
Introspector.setBeanInfoSearchPath(). For example, instead of relying on theBeanInfoclass search path, use a fully qualified package name for searching theBeanInfo.Related Information
See .