Hi,

I am using Hibernate in a thick client(Trusted Applet) based application. The applet uses hibernate wrapped as a stateless session bean deployed on JBoss-3.2.2RC4. Hibernate has been deployed as service. There is an ejb accessing this service. The client side jars are all signed. I am using hibernate-2.0.3. The jars included on the client side are hibernate2.jar and cglib-asm.jar I am running in to following problem. Any help is greatly and truly appreciated,


10 [Thread-6] ERROR proxy.LazyInitializer - CGLIB Enhancement failed

java.lang.ExceptionInInitializerError

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

at java.lang.reflect.Constructor.newInstance(Unknown Source)

at net.sf.cglib.ReflectUtils.newInstance(ReflectUtils.java:189)

at net.sf.cglib.ReflectUtils.newInstance(ReflectUtils.java:181)

at net.sf.cglib.ReflectUtils.newInstance(ReflectUtils.java:176)

at net.sf.cglib.Enhancer.enhanceHelper(Enhancer.java:222)

at net.sf.cglib.Enhancer.enhance(Enhancer.java:149)

at net.sf.hibernate.proxy.CGLIBLazyInitializer.getProxy(CGLIBLazyInitializer.java:32)

at net.sf.hibernate.proxy.SerializableProxy.readResolve(SerializableProxy.java:36)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.util.ArrayList.readObject(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)

at java.io.ObjectInputStream.readSerialData(Unknown Source)

at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

at java.io.ObjectInputStream.readObject0(Unknown Source)

at java.io.ObjectInputStream.readObject(Unknown Source)

at java.rmi.MarshalledObject.get(Unknown Source)

at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:136)

at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:96)

at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)

at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)

at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:100)

at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)

at $Proxy1.executeQuery(Unknown Source)

at com.bioinformatics.appl.samplebank.server.DataServerClient.populateLinkInstance(DataServerClient.java:307)

at com.bioinformatics.appl.samplebank.metadata.MetaLinkInstanceHolder.populateChildren(MetaLinkInstanceHolder.java:31)

at com.bioinformatics.appl.samplebank.gui.AbstractExplorerController$MySwingWorker.construct(AbstractExplorerController.java:232)

at com.bioinformatics.appl.samplebank.util.SwingWorker$3.run(SwingWorker.java:66)

at java.lang.Thread.run(Unknown Source)

Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

at java.security.AccessControlContext.checkPermission(Unknown Source)

at java.security.AccessController.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkMemberAccess(Unknown Source)

at java.lang.Class.checkMemberAccess(Unknown Source)

at java.lang.Class.getDeclaredMethod(Unknown Source)

at java.lang.Object$$EnhancedByCGLIB$$0.<clinit>(<generated>)
[/b]

Signing does not helps to to grant permissions, but you can configure java security to grant all permissions for trusted code or try to put all jars to
jre/lib/ext (all permissions are granted for extensions in default configuration)

I heve never tried it, but looks like it is user friendly if you use java plug-in:
http://java.sun.com/products/plugin/1.2 ... gning.html

I do use java 1.4 plugin. So what I am using is a trusted applet running in a java plugin based JRE.

I do not use java for client side UI, but read section "How to Deploy RSA Signed Applets" it is about some kind of "security dialog" in control panel, this pluggin is not installed on my PC and I see no dialogs.
But it must be much more simple to configure security in policy file without dialogs with pluggin.

grant signed by baliuka
{

permission java.security.AllPermission;

};

http://java.sun.com/docs/books/tutorial ... olicy.html

It is a signed applet using java plugin. So when the user launches this applet for the first time, a popup window comes up asking the user if this applet signed by such and such a company could be treated as a trusted applet. Once the user accepts this verisign certificate the applet runs just like any other fully previleged standalone application. So the problem is not really at that level. The real problem occurs during deserilization. It is a problem related to CGLIB.

Looks like cglib-asm.jar is not signed:
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

Have you tried to grant this permission for cglib in policy file ?

It is very trivial to test, run applet as standalone application and try to install security manager yourself for test:

System.setSecurityManager( new RMISecurityManager() );
I have tested cglib + java security this way and it works for me.