exceptions

java.lang.SecurityException – How to solve SecurityException

In this tutorial we will discuss about SecurityException in Java. This exception is thrown by the security manager, in order to indicate a security violation.

The SecurityException class extends the RuntimeException class and thus, belongs to those exceptions that can be thrown during the operation of the Java Virtual Machine (JVM). It is an unchecked exception and thus, it does not need to be declared in a method’s or a constructor’s throws clause.

Finally the SecurityException class exists since the 1.0 version of Java.

 

The Structure of SecurityException

Constructors

  • SecurityException()
  • Creates an instance of the SecurityException class, setting null as its message.

  • SecurityException(String s)
  • Creates an instance of the SecurityException class, using the specified string as message. The string argument indicates the name of the class that threw the error.

  • SecurityException(String message, Throwable cause)
  • Creates an instance of the SecurityException class, using the specified string as message and the specified Throwable as its cause.

  • SecurityException(Throwable cause)
  • Creates an instance of the SecurityException class, using the specified Throwable as its cause.

The SecurityException in Java

The SecurityException indicates that a security violation has occurred an thus, the application cannot be executed. A simple example is to use a package name that is already defined in Java.

For example, let’s create a simple hierarchy, where the parent directory is called java and the sub-directory is called util. Then, we create a sample Java class inside the java/util/ directory, which only prints a message:

Test.java:

package java.util;

class Test {
	public static void main(String[] args) {
		System.out.println("Hello World!");
	}
}

We compile and execute our sample code by issuing the following commands:

javac java/util/Test.java
java java.util.Test

A sample execution is shown below:

Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.util
	at java.lang.ClassLoader.preDefineClass(ClassLoader.java:659)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:758)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
	at java.net.URLClassLoader.defineClass(URLClassLoader.java:455)
	at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:367)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:360)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)

When the Java Virtual Machine (JVM) tries to load our class, it recognizes its package name as invalid and thus, a SecurityException is thrown.

How to deal with the SecurityException

  • In the aforementioned case, it is sufficient to change the package name of your application, in order to be executed by the Java Virtual Machine (JVM). In general, you must avoid using package names that are reserved by Java.
  • Sometimes, executing a .jar file can result in a SecurityException be possibly thrown. In such cases, you must verify that the .jar file is properly signed, otherwise you will not be able to execute it. For more information on how to sign a .jar please refer to the instructions here.
  • Finally, running an applet from an external source may also result in a SecurityException be thrown. The most frequent reason is that Java applications are blocked by the underlying security settings. For more information on how to change these settings and how to update your Exception Site list, please refer to the instructions here.

Sotirios-Efstathios Maneas

Sotirios-Efstathios (Stathis) Maneas is a PhD student at the Department of Computer Science at the University of Toronto. His main interests include distributed systems, storage systems, file systems, and operating systems.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

3 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
saifuddin
5 years ago

thanks sir..
security exception is a rare topic i found in internet and the best of them are gets from your site..

Dhanashri Chavan
Dhanashri Chavan
5 years ago

Error: A JNI error has occurred, please check your installation and try again
Exception in thread “main” java.lang.SecurityException: no manifiest section for signature file entry javax/crypto/IllegalBlockSizeException.class
at sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:440)
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:295)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:238)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:273)
at java.util.jar.JarVerifier.update(JarVerifier.java:228)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:383)
at java.util.jar.JarFile.getInputStream(JarFile.java:450)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:940)
at sun.misc.Resource.cachedInputStream(Resource.java:77)
at sun.misc.Resource.getByteBuffer(Resource.java:160)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:454)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)

Getting this error in java project.

Mike Mendizabal
Mike Mendizabal
4 years ago

Thanks for posting this article. A lot of the File management files in the java.io package throw a SecurityException but never require it. Are some of times a SecurityException would be thrown is if the file had it’s access denied or if I pulled the flash drive out and the file was inaccessible? Or is that a different Exception that would handle those scenarios?

Back to top button