Java jnlp application blocked by Security settings

I have an enterprise java application that has plenty of jars that are downloaded to the client's jvm cache by a jnlp file. When I start the application I get the following stack trace on Java Console:

        Exception in thread "AWT-EventQueue-1" java.lang.NullPointerException
at com.sun.deploy.ui.DialogTemplate.imageAvailable(Unknown Source)
at com.sun.deploy.ui.DialogTemplate.finalImageAvailable(Unknown Source)
at com.sun.deploy.ui.ImageLoader$2.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
       Exception in thread "AWT-EventQueue-1" java.lang.NullPointerException
at com.sun.deploy.ui.DialogTemplate.imageAvailable(Unknown Source)
at com.sun.deploy.ui.DialogTemplate.finalImageAvailable(Unknown Source)
at com.sun.deploy.ui.ImageLoader$2.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
    #### Java Web Start Error:
    #### The Java security settings have prevented this application from running. You may change this behavior in the Java Control Panel.

My JNLP File is like the following with some censored descriptions:

<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://10.100.10.9/ikarusdelhitest/" href="ikarus.jnlp">
<information>
    <title>ikarus</title>
    <vendor>my company</vendor>
    <homepage href="http://www.mycompanyaddress.com" />
    <description>My enterprise java ee swing application</description>
    <icon href="ikarus.jpg" />
    <offline-allowed />
</information>
<security>
    <all-permissions />
</security> 
<resources> 
    <jar href="jars/ikarus/ikarusClient.jar" />
    <jar href="jars/ikarus/ikarusDelegators.jar" />
    <jar href="jars/ikarus/clientRules.jar" />
    <jar href="jars/ikarus/ruleImps.jar" />
    <jar href="jars/ikarus/ikarusUtil.jar" />
    <jar href="jars/ikarus/ikarusResources.jar" />
    <jar href="jars/ikarus/domain.jar" />
    <jar href="jars/ikarus/domain_repository.jar" />
    <jar href="jars/ikarus/domain_service.jar" />
    <jar href="jars/ikarus/app_repository.jar" />
    <jar href="jars/ikarus/app_service.jar" />
    <jar href="jars/ikarus/infrastructure.jar" />
    <jar href="jars/ikarus/integration_domain.jar" />
    <jar href="jars/jboss_ejb_auth/ejb3-persistence.jar" />
    <jar href="jars/jboss_ejb_auth/jboss-ejb3x.jar" />
    <jar href="jars/jboss_ejb_auth/jbossall-client.jar" />
    <jar href="jars/jasper/commons-beanutils-1.8.0.jar" />
    <jar href="jars/jasper/commons-collections-3.2.1.jar" />
    <jar href="jars/jasper/commons-digester-1.7.jar" />
    <jar href="jars/jasper/commons-logging-1.1.jar" />
    <jar href="jars/jasper/iText-2.1.0.jar" />
    <jar href="jars/jasper/jasperreports-3.6.0.jar" />
    <jar href="jars/jasper/poi-3.2-FINAL-20081019.jar" />
    <property name="jnlp.localization" value="Delhi"/>
</resources>
<application-desc main-class="com.celebi.ikarus.main.Ikarus" />

ALso note that I get some different exception details on the more information panel:

com.sun.deploy.security.BlockedException: The Java security settings have prevented this application from running. You may change this behavior in the Java Control Panel.
at com.sun.deploy.security.SandboxSecurity.showBlockedDialog(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.AppPolicy.addPermissions(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.getTrustedCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.SecurityException: Invalid Permissions value: all-permissions  
at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
at com.sun.deploy.security.DeployManifestChecker.verify(Unknown Source)
... 39 more

I dont have any security restrictions for security on java control panel. It is at the medium level as follows:

Thanks for any help

New Edit: I got more explanatory stacktrace when I tried to run this jnlp from a jvm 1.6 machine as follows:

java.lang.NoClassDefFoundError: javax/ejb/EJBAccessException
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Unknown Source)
at java.lang.Class.getMethod0(Unknown Source)
at java.lang.Class.getMethod(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ClassNotFoundException: javax.ejb.EJBAccessException
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)

回答1:

I fixed this by going into the Java Control Panel (Start Menu > All Programs > Java > Configure Java) and adding two URLs to the Security Edit Site List.

http://code.google.com

http://androidscreencast.googlecode.com

For Mac System Preferences > Java

Where to add these sites

Java Control Panel > Security Tab > Edit Site List > Add > Apply > Ok

回答2:

I recommend you to enable tracing and logging, see here how:

And then run the application from command line.

javaws -verbose AppName.jnlp

Then you could check for clues in log and trace files stored in this path

\Documents and Settings\<USERNAME>\Application Data\Sun\Java\Deployment\log

img source:

http://www.cisco.com/c/en/us/support/docs/security/hostscan/117097-trouble-java7-00.html

回答3:

I tried to add the item file:/ and worked.

回答4:

We saw this problem with Java 1.8u60 caused by dead references to icons in the JNLP file. Previously the missing icons were ignored, but now we are seeing failures with the stack trace in the question. Removing the references to the icons fixed our problem.

Here are the two references we removed:

<icon href="ORCL.jpg" kind="splash"/>
<icon href="ORCS.jpg" kind="default"/>

Hope that helps.

回答5:

I had a very similar problem (Correctly signed JNLP application prevented from running in Java 7)

I fixed it by ensuring

I compiled using 1.7
I updated my JNLP file to enforce 1.7

<resources>
<j2se version="1.7*" java-vm-args="-Xmx32m" max-heap-size="32m" href="http://java.sun.com/products/autodl/j2se"/>

回答6:

You can also try enabling the checkbox under Advanced tab of java (in controlpanel) and check mark the Always allow option under JNLP file section

回答7:

On an Arch Linux system, I found the Java Control Panel to be accessible at /opt/java7/jre/bin/ControlPanel (a symlink to jcontrol). By running it, I was able to access the Security tab, and then crank down the Security Level to Medium. Then I'm prompted about accepting a security warning upon starting something like /opt/java7/bin/javaws.