
Thread: Applet Security Warning & Class Loaders

  1. #1
    Junior Member

    Default Applet Security Warning & Class Loaders

    I have an applet that uses jdom to build a menu from an xml file. The applet and jdom.jar are both signed, both have Trust-Library: true in the manifest file. They are both deployed inside of a war file along with the xml file.

    I am currently using a single Weblogic 10 server.

    My problem is I get the java security warning regarding signed and unsigned code from some applications, but not others.

    I am using this object tag in all of the applications:

    <object id="appLaunch"
    classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
    width="350" height="20">
    <param name="archive" value="../../appLaunchApplet/AppLaunch.jar">
    <param name="code" value="com.ifcg.appLaunch.AppLaunch">
    <param name="MenuXML" value="../../aAppLaunchApplet/appLaunchCtl.xml">
    <PARAM name="scriptable" value="true">
    </object>

    There are a couple of interesting things. Even if I hit yes on the security warning dialog box to block the unsigned code, the applet launches and runs as expected.

    The other interesting thing, perhaps key to the problem, is that when the applet is un-deployed and then the application re-run, I get one of two stack traces, depending on whether the application had presented a security warning the time before.

    For applications that had the warning, the trace is:

    Java Plug-in 1.6.0_20
    Using JRE version 1.6.0_20-b02 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\tess

    ----------------------------------------------------
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    ----------------------------------------------------

    java.lang.ClassFormatError: Incompatible magic value 218762506 in class file com/ifcg/appLaunch/AppLaunch
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClassCond(Unknown Source)
    at java.lang.ClassLoader.defineClass(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Exception: java.lang.ClassFormatError: Incompatible magic value 218762506 in class file com/ifcg/appLaunch/AppLaunch


    and for those that didn't present the security warning the trace is:

    Java Plug-in 1.6.0_20
    Using JRE version 1.6.0_20-b02 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\tess

    ----------------------------------------------------
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    ----------------------------------------------------

    load: class com.ifcg.appLaunch.AppLaunch not found.
    java.lang.ClassNotFoundException: com.ifcg.appLaunch.AppLaunch
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.IOException: open HTTP connection failed:http://internalServer:4017/Ctray/jsp...ppLaunch.class
    at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    ... 7 more
    Exception: java.lang.ClassNotFoundException: com.ifcg.appLaunch.AppLaunch


    I think that the warning has something to do with the class loader; however, I do not understand how these are loaded, in what circumstances, and how I can possibly control the loader.

    Any help or pointers would be appreciated.


  2. #2
    Super Moderator Norm's Avatar

    Default Re: Applet Security Warning & Class Loaders

    java.lang.ClassFormatError: Incompatible magic value 218762506 in class file com/ifcg/appLaunch/AppLaunch
    That looks like a corrupted class file.
    If you convert the decimal value shown to hex you get: 218762506 = d0a0d0a
    That looks like the characters: \r\n\r\n or two lineend groups
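
The decimal-to-bytes conversion described in the post above, as an added Java example (not part of the original thread or any poster's code). The class name `MagicValueDecoder` and the extra signatures it recognizes besides the two line ends (the ZIP header and a leading `<`) are assumptions added for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MagicValueDecoder {
    private static final Pattern MAGIC =
            Pattern.compile("Incompatible magic value (-?\\d+)");

    /** Extracts the decimal magic value from a ClassFormatError message as 4 bytes. */
    static byte[] magicBytes(String errorMessage) {
        Matcher m = MAGIC.matcher(errorMessage);
        if (!m.find()) {
            throw new IllegalArgumentException("no magic value in message");
        }
        // Parse as long so values above Integer.MAX_VALUE also fit, then keep 32 bits.
        int v = (int) Long.parseLong(m.group(1));
        return new byte[] {(byte) (v >>> 24), (byte) (v >>> 16), (byte) (v >>> 8), (byte) v};
    }

    /** Describes what kind of content starts with these four bytes. */
    static String classify(byte[] b) {
        int v = ((b[0] & 0xFF) << 24) | ((b[1] & 0xFF) << 16)
                | ((b[2] & 0xFF) << 8) | (b[3] & 0xFF);
        if (v == 0xCAFEBABE) return "valid Java class file";
        if (v == 0x504B0304) return "ZIP/JAR archive, not a bare class";
        if (v == 0x0D0A0D0A) return "two CRLF line ends: text was served instead of a class";
        String ascii = new String(b, StandardCharsets.US_ASCII);
        if (ascii.startsWith("<")) return "markup (likely an HTML error page): " + ascii;
        return "unrecognized content";
    }

    /** Renders the bytes as upper-case hex for comparison with 0xCAFEBABE. */
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Message copied from the stack trace in post #1.
        String msg = "java.lang.ClassFormatError: Incompatible magic value 218762506 "
                + "in class file com/ifcg/appLaunch/AppLaunch";
        byte[] b = magicBytes(msg);
        System.out.println(hex(b) + " -> " + classify(b));
    }
}
```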

  3. #3
    Junior Member

    Default Re: Applet Security Warning & Class Loaders

    I get the Incompatible magic value when I purposely un-deploy the applet. The reason for including this in the post was to show that I get different stack traces that are linked to whether I get the security warning or not. I am trying to get rid of the security warning and I was wondering if the security warning had to do with the class loader?

  4. #4
    Super Moderator Norm's Avatar

    Default Re: Applet Security Warning & Class Loaders

    Sorry, I know nothing about your environment. I just noticed the Incompatible magic value problem and was curious what the number was. It looks like the browser(?) was trying to read a class file and read some text lineend characters instead.
    Curious how it got those characters when looking for a class file.

  6. #6
    Junior Member

    Default Re: Applet Security Warning & Class Loaders

    Upon further investigation, I have found that the following line of code in org.jdom.input.JAXPParserFactory:
    SAXParserFactory factory = SAXParserFactory.newInstance();
    is causing the mixed code security warning.

    Does anyone know why this would raise a security warning?

    thanks,
