My company uses an applet which needs JNI to access some PKI features.
This is a very stable (+4 years) solution and is already in production in several clients.
It's a signed (Thawte Certificate) applet and it worked fine until JRE7 21 - now a security exception has popped (all Applet JNI solutions we have are presenting the same issue).
I checked Java applet stopped working after update to JRE 7u21 and Cannot launch applet using Java 7u21. I've checked Java 7 Update 21 Security Improvements in Detail, but it doesn't mention anything about JNI.
I've already tried using TurstedLibrary and recompiling it with JDK7 21 but it still pops the security exception.
I'd like to check with you guys if you had the same issue and if someone is able to use Java + JNI again (don't know if there's some new stuff to sign the DLL or something like that)..
Update:
Working - got it through http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html#trusted_library
Adding the correct Trusted Library manifest make it stop prompting the error - remembering that you need to use JDK7 21.
Related
My problem is very absurd but really I checked many times before I write here. I have a web application. We developed it with Spring 3.2 and we are deploying it on WebLogic. jdk version is 1.7.0_79 and WebLogic version is 12.1.x. I am using Windows 8 and because of security policies of my company my computer is very slow and irritating (anti virus program, hdd encryption etc.). I decided to install Oracle Virtual Box and Oracle Linux 7 as guest OS on VirtualBox. I installed same version jdk and WebLogic for guest OS.
After prepared my dev environment I came across a deployment failure which says bean create exception (because of circular reference). I checked the code and I noticed there is really a circular reference. But when I build the project on Windows there is no problem. I compared class by class but there is no difference between two. For testing I removed Inject annotation from the field causing circular reference and I could deploy project. That is if I build same code in Linux I can not deploy it neither on Linux nor on Windows.
I extracted two war files and copied classes from war generated on Windows to other and it worked again. I know this is very strange but I tried every combination to be sure.
Every time go to run the Linux Version of Eclipse Luna SR2, it just stops at the little Splash Screen (The window that comes up before you select your work space) and it just stays like that for about 30 seconds, and then closes. Any help please?
It generates this error log which is found Here
New Answer: This is a known bug and a workaround that has fixed the issue in at least one case is to run
export SWT_GTK3=0
before starting Eclipse. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=430736 for more information. If this workaround does not fix your issue make sure GTK3 is installed and upgrade glibc to at least version 2.14 to ensure Eclipse uses it. Apparently when Eclipse detects an older glibc it tries to use GTK2. If none of these suggestions fix your issue you should submit a bug report at http://bugreport.java.com/bugreport/crash.jsp to work it out with the Eclipse development team and also to help inform other people about it.
#ElectroMan - This got too long for a comment. Yes, the error log says the same thing. That means you are running Java 6, "JRE version: 6.0_34-b34" according to the log. I suggest you try running Java 8 or at least Java 7. Java SE 8u40 is the current release from Oracle and it can be downloaded for 64 bit Linux from a link on http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html. It is best to use the latest Oracle release and get away from the OpenJDK version, especially one that is two major releases outdated. However, if you opt for Java 7 its final release is available at http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html. You should be able to install either in a non-default location and keep OpenJDK 1.6.0_34 as your main version of Java on your platform. Eclipse can be configured to use Java 8 or 7 after it is installed by project or as its default for all new projects, but the main thing is to tell it to use Java 8 or 7 when it runs, since it is a Java application. Some instructions for this are at http://www.cs.umd.edu/eclipse/install_java8_luna.html. One of the main reasons for upgrading from Eclipse Kepler to Luna is to get built-in Java 8 support. Another option is to follow the instructions in the error log and file a bug report at http://www.cs.umd.edu/eclipse/install_java8_luna.html and wait for a reply. Or maybe there is already a new Luna update and you could try it.
I have build an application that using LWUIT for UI and bouncycastle for Hashing and Encryption, and every thing is working fine in the emulator but When I try to test it on real device
1- the application not installed correctly because of bouncycastle library need a high obfuscation level to run on the device without any problem
2- so I have set the obfuscation to high level but that made a lot of problem with LWUIT that can't build in the application
3- so I have decreased the level of obfuscation to 8 and the project build successfully but the UI now is not working probably as no button action applied and so on
4- also the application is not installed successfully because of bouncycastle
I need an urgent help please, what can I do to solve this problem
I have successfully used bouncy castle for a lwuit application, so i do not believe that this should be a problem, but if you are having problems with including the bouncycastle javaME jar, then i suggest you download the source files and copy the required classes only into your own code base, with the appropriate package name along with all dependencies.
Today, our Enterprise Architect mentioned that a recent vulnerability was discovered in the JRE 1.7. I found an article the JRE 1.7 vulnerability recommending disabling Java.
I am running JDK 1.5 and 1.6 at work (like many organizations, we're not on the latest of technologies), so no problems there.
At home I am doing development with Java SE 7u6. I'm playing with Grails, Spring Security, trying to keep learning.
I have already gone and disabled the Java Plug-in in all my browsers on my home development machine. However, does anyone know if my home dev machine is still vulnerable by virtue of having the JDK 7 installed? I did find this article on US-CERT declaring the vulnerability notice: Oracle Java JRE 1.7 Expression.execute() fails to restrict access to privileged code.
It sounded like as long as the browser is not able to run Applets, I should be fine (it should not with the Java Plug-in disabled). However, what about Java Web Start/JNLP? Could that get invoked? That's the only other thing I could think of, other than Applets, that might be of concern.
Just wondering if I need to go through the efforts of uninstalling my Java SE 7 and dropping back to a JDK6.
What have others done upon learning of this security issue with JRE 1.7?
The details of the latest vulnerability have not been made public. However, my understanding is that it only affects Java browser plugins. The recommended mitigation is to disable the Java browser plugins. No mention is made of non-plugin Java, so I think it is safe to assume that your dev machine is not vulnerable simply by virtue of having Java 7 installed.
However, what about Java Web Start/JNLP? Could that get invoked?
I don't think so. I think it is safe to assume that the people who found the problem would have thought of that potential attack vector. (But simple common sense says that you wouldn't want to be launching random JNLP programs in the first place ...)
I understand it as if you have to visit a malicious site to become infected. So no, you are not at risk simply by virtue of having Java 7 installed in your browser.
Some useful links:
US-CERT link which explains the vulnerability:
http://www.kb.cert.org/vuls/id/636312
Oracle link to their Security Alerts (not just Java, but also including Java):
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
As of writing (30 Aug 2012) I cannot see that Oracle has yet issued an alert for this. I can't really figure out if they only issue such alerts AFTER a patch has been created. According to US-CERT site Oracle was officially alerted on 29 Aug 2012 but they may already have known about it because blog reports about the vulnerability started a few days before the 29th.
What you can read on the Oracle site is that the next planned "Java SE Critical Patch Update" is on 16 October 2012. Surely they won't wait for that but release an out-of-band patch for this vulnerability asap. (they've done so before)
I have installed the Netbeans 6.7 IDE with Java ME included, but cannot create a Mobile Application project from the Java ME category. When I select the project type the wizard stops at "Finding Feature" with the message:
Not all requested modules can be enabled:
[StandardModule:org.netbeans.modules.mobility.end2end.kig jarFile:C:\Program Files\NetBeans 6.7\mobility8\modules\org-netbeans-modules-mobility-end2end-kit.jar.
I am attempting to run this on Vista Home Premium. I have tried to run the IDE as Administrator with no luck.
I am at a loss for where to go next as I cannot seem to find any information regarding this issue. Even if you don't have the solution any insight into this error message would be helpful.
I am unable so far to get the project running via the Netbeans IDE install. I have, for the time being, installed the Java ME SDK which includes a very stripped down version of the Netbeans IDE for mobile development.
I originally had some issues starting the SDK as well on Vista. The IDE reported that it could not connect to the device manager on localhost. After some searching I found this link: Java ME SDK Startup Problem which suggests changing the hosts file localhost entry from IPv6 to IPv4. The fix worked perfectly and I can now compile and run code in the emulator.
This is not an optimal solution as the SDK does not include the visual design tools, however I am able to get a basic project going in the mean time.
I have given up on the 6.7 version and have instead located and installed 6.5.1. This previous version has been working just fine and seems to do everything I need.
I ran into the exact same error today while installing NB 6.8 beta. To resolve it we need to install two plugins:
Java Web Applications (as mentioned by Ali above) and
Sun Java System Web Server 7.0
Note that these two are part of the Category called "Java Web and EE" hence the confusion that we need to install Glassfish App Server. But we need these two plugins because they are required for debugging using breakpoints in emulator. Netbeans runs a web server when we do breakpoint based debugging.
Also note that the Java Web applications needs SOAP Web Services and JavaScript Debugger plugins to run and so these plugins are also installed when you try to install it.
You also need to install "Java Web Applications" plugin.
Tools->Plugins->Available Plugins
If the module is present, you should try unzipping it to check its content makes sense.
You should also be able to rebuild it from Netbeans sources.
You can also try to figure out why this happens by debugging the module loader inside Netbeans from its sources, using another IDE, presumably the latest version of Netbeans you can find without the issue.
If the module is missing, you might want to get the missing jar file from an installation of a previous version of Netbeans, see if it is compatible.
6.5.1 isn't missing any module.
back in version 5.5, the mobility module had to be downloaded and installed separately from the main IDE.
If you want to consider using Eclipse for developing your J2ME app...I've written a post related to that some time ago: here.