United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-8000288 1.7.0_06 update causes random "trust level" SecurityExceptions in checkResource
JDK-8000288 : 1.7.0_06 update causes random "trust level" SecurityExceptions in checkResource

Details
Type:
Backport
Submit Date:
2012-10-01
Status:
Closed
Updated Date:
2012-11-19
Project Name:
JDK
Resolved Date:
2012-10-02
Component:
deploy
OS:
Sub-Component:
deployment_toolkit
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:
7u10 (b12)

Related Reports
Backport:

Sub Tasks

Description
FULL PRODUCT VERSION :
1.7.0_06

ADDITIONAL OS VERSION INFORMATION :
Windows XP Version 5.1.2600

A DESCRIPTION OF THE PROBLEM :
With 1.7.0_04 and 1.7.0_05 our Java Web Start application would launch and run fine.

With 1.7.0_06 almost every session using the application results in a java.lang.SecurityException with a message like "class "XXXXX" does not match trust level of other classes in the same package".  Sometimes the message causes Java Web Start to fail to launch the application.  Other times the application starts and encounters the error while being used.

We tried to workaround by clearing the user's Java Application Temporary Files (cache), which at first seemed to help, but then the problem began occurring again.

The stack trace is like:

java.lang.SecurityException: class "X.X.X.XXXXX" does not match trust level of other classes in the same package
       at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.defineClass1(Native Method)
       at java.lang.ClassLoader.defineClass(Unknown Source)
       at java.security.SecureClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.access$100(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.isone.sms.isouser.main.ui.LaunchAction.<clinit>(LaunchAction.java:231)
       at com.isone.sms.isouser.main.ui.ApplicationManager.<init>(ApplicationManager.java:137)
       at com.isone.sms.isouser.main.ui.ApplicationManager.main(ApplicationManager.java:274)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at com.sun.javaws.Launcher.executeApplication(Unknown Source)
       at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
       at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
       at com.sun.javaws.Launcher.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)

Maybe 1.7.0_06 has a regression of the fix in http://bugs.sun.com/view_bug.do?bug_id=6967414?


REGRESSION.  Last worked in version 7

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Error occurs just by launching the Java Web Start application using 1.7.0_06.  The SecurityException is often thrown as soon as the application's main method constructs an object and causes a few more classes to load.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No SecurityException.

ACTUAL -
SecurityException listed above.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.SecurityException: class "com.isone.swing.IsoFrame" does not match trust level of other classes in the same package
       at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.defineClass1(Native Method)
       at java.lang.ClassLoader.defineClass(Unknown Source)
       at java.security.SecureClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.access$100(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.isone.sms.isouser.main.ui.LaunchAction.<clinit>(LaunchAction.java:231)
       at com.isone.sms.isouser.main.ui.ApplicationManager.<init>(ApplicationManager.java:137)
       at com.isone.sms.isouser.main.ui.ApplicationManager.main(ApplicationManager.java:274)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at com.sun.javaws.Launcher.executeApplication(Unknown Source)
       at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
       at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
       at com.sun.javaws.Launcher.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Don't have time to create a demonstration application.
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Have not found one.

                                    

Comments



Hardware and Software, Engineered to Work Together