Webstart application: SecurityException: setContextClassLoader

StackOverflow https://stackoverflow.com/questions/21440563

Question

I have a webstart application which connects to a web service. The manifest has:

Permissions: all-permissions

And the jnlp has:

<security>
  <all-permissions/>
</security>

However when the connection to the web service is created I get a java.lang.SecurityException: setContextClassLoader (full stack trace below). When I run the application directly (without webstart) it works fine. Is there anything that I should check or change in my setup to fix the problem?

Note: I am using Java 8. The application was working fine with build 121 but fails with build 123, 124 or 125 (the most recent one). So either my setup is fine and a bug has been introduced between b121 and b123 or a bug has been fixed in b123 which exposes a problem in my setup.

org.glassfish.hk2.api.MultiException: A MultiException has 2 exceptions.  They are:
1. java.lang.SecurityException: setContextClassLoader
2. java.lang.IllegalStateException: Unable to perform operation: create on org.jvnet.hk2.internal.DynamicConfigurationServiceImpl

    at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:362) ~[na:na]
    at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:454) ~[na:na]
    at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:119) ~[na:na]
    at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2296) ~[na:na]
    at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:590) ~[na:na]
    at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:577) ~[na:na]
    at org.glassfish.hk2.utilities.ServiceLocatorUtilities.enablePerThreadScope(ServiceLocatorUtilities.java:89) ~[na:na]
    at org.glassfish.jersey.internal.inject.Injections._createLocator(Injections.java:144) ~[na:na]
    at org.glassfish.jersey.internal.inject.Injections.createLocator(Injections.java:137) ~[na:na]
    at org.glassfish.jersey.client.ClientConfig$State.initRuntime(ClientConfig.java:352) ~[na:na]
    at org.glassfish.jersey.client.ClientConfig$State.access$000(ClientConfig.java:85) ~[na:na]
    at org.glassfish.jersey.client.ClientConfig$State$3.get(ClientConfig.java:117) ~[na:na]
    at org.glassfish.jersey.client.ClientConfig$State$3.get(ClientConfig.java:114) ~[na:na]
    at org.glassfish.jersey.internal.util.collection.Values$LazyValue.get(Values.java:311) ~[na:na]
    at org.glassfish.jersey.client.ClientConfig.getRuntime(ClientConfig.java:669) ~[na:na]
    at org.glassfish.jersey.client.ClientRequest.getConfiguration(ClientRequest.java:214) ~[na:na]
    at org.glassfish.jersey.client.JerseyInvocation.validateHttpMethodAndEntity(JerseyInvocation.java:124) ~[na:na]
    at org.glassfish.jersey.client.JerseyInvocation.<init>(JerseyInvocation.java:97) ~[na:na]
    at org.glassfish.jersey.client.JerseyInvocation.<init>(JerseyInvocation.java:90) ~[na:na]
    at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:396) ~[na:na]
    at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:296) ~[na:na]
    at com.assylias.fund.master.impl.DefaultUserMaster.authenticate(DefaultUserMaster.java:55) ~[na:na]
    at com.assylias.bigblue.gui.javafx.users.Login$AuthenticationTask.call(Login.java:342) ~[na:na]
    at com.assylias.bigblue.gui.javafx.users.Login$AuthenticationTask.call(Login.java:325) ~[na:na]
    at javafx.concurrent.Task$TaskCallable.call(Unknown Source) ~[na:na]
    at java.util.concurrent.FutureTask.run(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.CompletableFuture$AsyncRun.exec(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.ForkJoinTask.doExec(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.ForkJoinPool.scan(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source) ~[na:1.8.0-ea]
    at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source) ~[na:1.8.0-ea]
Caused by: java.lang.SecurityException: setContextClassLoader
    at java.util.concurrent.ForkJoinWorkerThread$InnocuousForkJoinWorkerThread.setContextClassLoader(Unknown Source) ~[na:1.8.0-ea]
    at org.glassfish.hk2.utilities.reflection.ReflectionHelper$2.run(ReflectionHelper.java:1049) ~[na:na]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0-ea]
    at org.glassfish.hk2.utilities.reflection.ReflectionHelper.setContextClassLoader(ReflectionHelper.java:1045) ~[na:na]
    at org.glassfish.hk2.utilities.reflection.ReflectionHelper.makeMe(ReflectionHelper.java:1101) ~[na:na]
    at org.jvnet.hk2.internal.ClazzCreator.createMe(ClazzCreator.java:261) ~[na:na]
    at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:336) ~[na:na]
Was it helpful?

Solution

I should have read the stacktrace more carefully. The exception is thrown by java.util.concurrent.ForkJoinWorkerThread$InnocuousForkJoinWorkerThread.setContextClassLoader which is a default, no-permission, worker thread. The change has been made following this post and this is the diff.

I was accessing the web service with:

CompletableFuture.runAsync(accessWebservice());

which uses the default ForkJoinPool threadpool, which itself relies on the new InnocuousForkJoinWorkerThread, which throws an exception if setContextClassLoader is called.

Workaround:

CompletableFuture.runAsync(accessWebservice(), executor); //provide an executor
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top