java.security.AccessControlException Thrown in the Execution of java.beans.Introspector.setBeanInfoSearchPath() Method

When running an applet in a browser by using the Sun Java™ Runtime Environment (JRE™) implementation, a java.security.AccessControlException is thrown in the execution of the java.beans.Introspector.setBeanInfoSearchPath() method, as shown below:

    java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPropertiesAccess(Unknown Source)
        at java.beans.Introspector.setBeanInfoSearchPath(Unknown Source)
        at ....

The same applet runs without any error with the Microsoft Virtual Machine (VM).
The Introspector.setBeanInfoSearchPath() method call can change the list of package names used for finding BeanInfo classes. If more than one applet is running in the VM, an untrusted applet could call this method to redirect other applets to look up BeanInfo in unexpected packages. This is a security flaw.
A security check for java.util.PropertyPermission is added to the Introspector.setBeanInfoSearchPath() method in the JRE to address the security concern. If the applet is unsigned and it calls this method, a java.security.AccessControlException is thrown.
To fix the above causes:

- Sign the applet with the jarsigner tool, so that the applet runs as a trusted applet and has permissions to call the Introspector.setBeanInfoSearchPath() method.
- Avoid calling Introspector.setBeanInfoSearchPath(). For example, instead of relying on the BeanInfo class search path, use a fully qualified package name for searching the BeanInfo.

See jarsigner, which is the JAR Signing and Verification Tool.