Recently I ran into the following problem: a JWS program runs without problems on JRE1.6.0_13, but on JRE1.6.0_22 it throws the following exception:
java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package
1. I found a note on the Oracle website:
http://download.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html
This problem occurs after update 19.
2. I asked on Stack Overflow: http://stackoverflow.com/questions/4680823/java-lang-securityexception-class-org-apache-log4j-logger-does-not-match-trust
The cause was that the extension's JNLP did not specify security; adding it solved the problem.
3. Enable debug output in the Java console.
More detailed information is available by enabling debug output in the Java console: add the following statement to deployment.properties under "D:/Documents and Settings/login/Application Data/Sun/Java/Deployment" (the directory varies with your PC). For more detail, refer to http://download.oracle.com/javase/1.5.0/docs/guide/deployment/deployment-guide/properties.html
deployment.trace.level=all
After enabling this option, the Java console shows much more information, which helps debugging a lot. Here is a fragment of the debugging info (before the JNLP files were changed).
security: JAVAWS AppPolicy Permission requested for: https://localhost/jars/log4j-1.2.12.jar
security: Add sandbox permissions
security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/jfreechart-1.0.0.jar
security: Add sandbox permissions
…
security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/sessierstub.jar
security: Istrusted: https:// localhost /a.jnlp true
security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/libsmmon.jar
security: Istrusted: https:// localhost /b.jnlp true
security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/libamv.jar
security: Istrusted: https:// localhost /b.jnlp true
security: resource name "org/apache/log4j/Logger.class" in https:// localhost /jars/log4j-1.2.12.jar : java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package
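As an added example (not part of the original post), a small Python script that reads a trace in the format above and reports which jars were given sandbox permissions, which were trusted through a JNLP file, and which jar each SecurityException line points at. The sample trace is constructed from the fragment above, the function names are hypothetical, and the script assumes the decision line follows its request line as it does in that fragment.

```python
import re

# Patterns for the "security:" trace lines in the fragment above.
REQ = re.compile(r"security: JAVAWS AppPolicy Permission requested for: (.+)")
TRUSTED = re.compile(r"security: Istrusted: (.+?) true\s*$")
FAIL = re.compile(r'security: resource name "([^"]+)" in (.+?) : java\.lang\.SecurityException')

# Constructed sample, reduced from the fragment above (stray spaces in URLs kept).
SAMPLE_TRACE = """\
security: JAVAWS AppPolicy Permission requested for: https://localhost/jars/log4j-1.2.12.jar
security: Add sandbox permissions
security: JAVAWS AppPolicy Permission requested for: https:// localhost /jars/sessierstub.jar
security: Istrusted: https:// localhost /a.jnlp true
security: resource name "org/apache/log4j/Logger.class" in https:// localhost /jars/log4j-1.2.12.jar : java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package
"""

def _url(text):
    # Drop the stray spaces that appear inside URLs in the pasted trace.
    return text.replace(" ", "")

def trust_levels(trace):
    """Map each requested jar URL to the decision logged on a following line."""
    levels, pending = {}, None
    for line in (l.strip() for l in trace.splitlines()):
        req = REQ.match(line)
        if req:
            pending = _url(req.group(1))
        elif pending and line == "security: Add sandbox permissions":
            levels[pending], pending = "sandbox", None
        elif pending and (t := TRUSTED.match(line)):
            levels[pending], pending = "trusted via " + _url(t.group(1)), None
    return levels

def diagnose(trace):
    """For each SecurityException line: (class resource, jar URL, that jar's trust level)."""
    levels = trust_levels(trace)
    found = []
    for line in trace.splitlines():
        hit = FAIL.match(line.strip())
        if hit:
            jar = _url(hit.group(2))
            found.append((hit.group(1), jar, levels.get(jar, "unknown")))
    return found

if __name__ == "__main__":
    for jar, level in trust_levels(SAMPLE_TRACE).items():
        print(f"{level:40} {jar}")
    for resource, jar, level in diagnose(SAMPLE_TRACE):
        print(f"FAILED {resource} from {jar} ({level})")
```

A failing jar that shows up as "sandbox" while the others are "trusted via" some JNLP file points at the JNLP that lists that jar, which is where the missing security element was found in this case.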
4. The relationship between the security configuration and the jar signature status is shown below for each of the four combinations.

Signed jar file, with <security> <all-permissions/> </security>:
basic: Main-class: Jar1
cache: Read manifest for http://localhost:8080/T/jar1_mix.jar: read=347 full=347
security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar
security: Istrusted: http://localhost:8080/T/test.jnlp true
security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar
security: Istrusted: http://localhost:8080/T/test.jnlp true
network: Connecting socket://127.0.0.1:1964 with proxy=DIRECT
I am in org.apache.log 1
hello

Signed jar file, with <!-- security> <all-permissions/> </security -->:
basic: Main-class: Jar1
security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1_mix.jar
security: Add sandbox permissions
security: resource name "Jar1.class" in http://localhost:8080/T/jar1_mix.jar : java.lang.SecurityException: attempted to open sandboxed jar http://localhost:8080/T/jar1_mix.jar as a Trusted-Library
#### Java Web Start Error:
#### attempted to open sandboxed jar http://localhost:8080/T/jar1_mix.jar as a Trusted-Library

Unsigned jar file, with <security> <all-permissions/> </security>:
#### Java Web Start Error:
#### Found unsigned entry in resource: http://localhost:8080/T/jar1.jar

Unsigned jar file, with <!-- security> <all-permissions/> </security -->:
basic: Main-class: Jar1
cache: Reading Signers from 0 http://localhost:8080/T/jar1.jar | D:/Documents and Settings/hosun/Application Data/Sun/Java/Deployment/cache/6.0/51/26f984b3-48893e42.idx
network: No certificate info for unsigned JAR file: http://localhost:8080/T/jar1.jar
network: No certificate info for unsigned JAR file: http://localhost:8080/T/jar1.jar
cache: Read manifest for http://localhost:8080/T/jar1.jar: read=63 full=63
security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1.jar
security: Add sandbox permissions
security: JAVAWS AppPolicy Permission requested for: http://localhost:8080/T/jar1.jar
security: Add sandbox permissions
network: Connecting socket://127.0.0.1:1931 with proxy=DIRECT
I am in org.apache.log 1
hello
5. Java console log contents can be saved; make sure the options are enabled (Control Panel => Java => Advanced => Debug). The logs are located in D:/Documents and Settings/login/Application Data/Sun/Java/Deployment/log
6. For more information about JNLP and Java Web Start,
http://mindprod.com/jgloss/javawebstart.html
http://lopica.sourceforge.net/faq.html
http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/faq.html
http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/troubleshooting.03.06.html
http://download.oracle.com/javase/1.5.0/docs/guide/javaws/developersguide/contents.html contains the JNLP spec.