java.lang.SecurityException: class “org.apache.log4j.Logger” does not match trust level of other classes in the same package

Question

For an java web application, I got this error when using JRE 1.6.0_22

java.lang.SecurityException: class "org.apache.log4j.Logger" does not match trust level of other classes in the same package

However, it works fine when using JRE 1.6.0_13.

I searched in Google, and find the there is a security enhancement since update 19.

And for this exception, it says,

The following two SecurityExceptions are thrown after mixed components had previously been detected and a decision was made to allow them to coexist. The exceptions indicate that a component name collision (resource name or class package name) was detected between trusted and untrusted components and the request to load the resource or class was denied.

Now the problem is, how could i find which classes (maybe org.apache.log4j.Logger?) have the collision and which packages they are in?

I find there is a similar question in Oracle forums

Answer 1

Interesting link. I didn't have the problem yet - but may it be that you have the jar with "org.apache..." in the JavaEE container classpath somewhere and in the web application.

Look for that and to test remove it from the web app