SOLVED Virtual Machine : console blocked by Java security

[a.iredigo]

Hi all,

I was trying to install musicbrainz database (following this guide, hat tip zufallshed) inside a virtualbox jail.
Everything went fine until I tried to use the virtual machine (as recommended by guide above, following musicbrainz instructions).
As the console is run by a vnc wiever app for java, it was blocked by recent enhanced security criteria by java.
I tried adding the jail musicbrainz ip (192.168.1.9 in my case, as well as 192.168.1.9:3389) to the java console exception list to no avail.

*****************************************
Error: access denied ("java.net.SocketPermission" "192.168.1.9:3389" "connect,resolve")
java.security.AccessControlException: access denied ("java.net.SocketPermission" "192.168.1.9:3389" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at RfbProto.<init>(RfbProto.java:229)
at VncViewer.connectAndAuthenticate(VncViewer.java:325)
at VncViewer.run(VncViewer.java:158)
at java.lang.Thread.run(Unknown Source)
*********************************************

Any idea how to get around this ?

Thanks

 

[csjjpm]

Hi,
this happenned to me. I updated to the latest Java 7.0.750 (I havent gone to 8 yet). I then also made sure that Firefox 'always activates' the Java Platform plugin. I tried 'ask to activate' and reloaded the plugin but it didn't work. Chrome was fine after allowing it once. I don't both with IE.
Paul

 

[Pandora]

Hi

That's how you can fix that:

First

Code:

Open Control Panel
Open Java (32-bit)
Go to the security tab
Add the JailIP of the VirtualBox-Jail to the Excpetion Site List at the bottom
Ok

Then

Code:

Go to C:\Program Files (x86)\Java\jre1.8.0_31 (or whatever the jre-folder is called in \Java\)
Edit the file java.policy
Add these lines (replace [Jail-IP] with your Jail-IP of course):
permission java.net.SocketPermission "[Jail-IP]:9000", "connect, resolve";
permission java.net.SocketPermission "[Jail-IP]:3389", "connect, resolve";
Save
Restart your browser
Done :)

If you're not able to edit the file java.policy directly, that's an UAC issue (even if you have UAC disabled). In that case, just copy the file to your desktop, edit it there and then copy it back to it's original folder with overwrite. That should do the trick.


P.S.: Good luck with MusicBrainz, I just can't get it to install successfully.

 

[a.iredigo]

Hi

That's how you can fix that:

First

Code:

Open Control Panel
Open Java (32-bit)
Go to the security tab
Add the JailIP of the VirtualBox-Jail to the Excpetion Site List at the bottom
Ok

Then

Code:

Go to C:\Program Files (x86)\Java\jre1.8.0_31 (or whatever the jre-folder is called in \Java\)
Edit the file java.policy
Add these lines (replace [Jail-IP] with your Jail-IP of course):
permission java.net.SocketPermission "[Jail-IP]:9000", "connect, resolve";
permission java.net.SocketPermission "[Jail-IP]:3389", "connect, resolve";
Save
Restart your browser
Done :)

If you're not able to edit the file java.policy directly, that's an UAC issue (even if you have UAC disabled). In that case, just copy the file to your desktop, edit it there and then copy it back to it's original folder with overwrite. That should do the trick.


P.S.: Good luck with MusicBrainz, I just can't get it to install successfully.

Thank you so much Pandora, it worked perfectly. I am trying to get through the end of the MusicBrainz install process, will let you know if it works.

 

[ric]

View attachment 7993 Im getting this error now and I don't see any url so that I can copy it into the JAVA exception list (Security setting).

 

[FritVetBE]

Hey ric

I expect that if you add http://192.168.1.13 to the java security exception list by executing the steps below:

Hi

That's how you can fix that:

First

Code:

Open Control Panel
Open Java (32-bit)
Go to the security tab
Add "http://192.168.1.13" (without the quotes) to the Excpetion Site List at the bottom
Ok

A restart of the browser may be necessary for the changes to take effect.
Also, after you added the location to your exception list, Java might still prompt for a security warning, but at least you can tick the checkbox to allow it to be run ;-)

 

[ric]

I followed the instruction here after adding my Jail IP address on to exception list in Java control panel, I got another issues as shown on the picture.

 

[SweetAndLow]

Try running virtualbox as administrator maybe?

 

[ric]

How to run virtualbox as administrator inside freenas?

 

[SweetAndLow]

Ignore me I didn't read the whole thread. You are not doing what I thought you where

 

[jadz]

Just to be clear - you need to add the suggested line within a grant statement in the java.policy document.

Code:

grant {
  permission java.net.SocketPermission
        "<IP of VirtualBox Jail>:9000",
    "connect, resolve";
};

 

[ric]

I've added it like so... See in red line comment. But still didn't work.

// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See the API specification of java.lang.Thread.stop() for more
// information.
permission java.lang.RuntimePermission "stopThread";

// allows anyone to listen on dynamic ports
permission java.net.SocketPermission "localhost:0", "listen";

permission java.net.SocketPermission"192.168.1.3:9000", "connect, resolve";

// "standard" properies that can be read by anyone

permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";

permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";

permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};

 

[ric]

Anyone?

 

[Quinnx]

Thanks that work here!

 

[Emerson Busto]

Hi

That's how you can fix that:

First

Code:

Open Control Panel
Open Java (32-bit)
Go to the security tab
Add the JailIP of the VirtualBox-Jail to the Excpetion Site List at the bottom
Ok

Then

Code:

Go to C:\Program Files (x86)\Java\jre1.8.0_31 (or whatever the jre-folder is called in \Java\)
Edit the file java.policy
Add these lines (replace [Jail-IP] with your Jail-IP of course):
permission java.net.SocketPermission "[Jail-IP]:9000", "connect, resolve";
permission java.net.SocketPermission "[Jail-IP]:3389", "connect, resolve";
Save
Restart your browser
Done :)

If you're not able to edit the file java.policy directly, that's an UAC issue (even if you have UAC disabled). In that case, just copy the file to your desktop, edit it there and then copy it back to it's original folder with overwrite. That should do the trick.


P.S.: Good luck with MusicBrainz, I just can't get it to install successfully.

Hi Pandora!

I've saw your post and maybe you can help me too.

I'm a new user of TOTVS Fluig ESB and try to install ESB in a Virtual Box Windows 10 machine.

When I start the Derby database I get the same message:

Tue Jul 16 10:23:02 BRT 2019 : DRDA_SecurityInstalled.I
Tue Jul 16 10:23:02 BRT 2019 : access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkListen(SecurityManager.java:1131)
at java.net.ServerSocket.bind(ServerSocket.java:374)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at javax.net.DefaultServerSocketFactory.createServerSocket(ServerSocketFactory.java:231)
at org.apache.derby.impl.drda.NetworkServerControlImpl.createServerSocket(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.access$000(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(Unknown Source)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
Pressione qualquer tecla para continuar. . .

java.policy file was modified with this settings:


permission java.net.SocketPermission "192.168.1.1:1527", "connect, resolve";
permission java.net.SocketPermission "localhost:1527", "connect, resolve";

And the Java Console settings changed to:

I Have java in Program Files and Program files(x86). I Change files in both files.

May you see what I´m missing!

Thank´s a lot!