Signed jar throws java.lang.reflect.InvocationTargetException

Question

I wrote a JApplet that lives in a signed jar (I purchased a certificate). I'm working through trying to get it to work on a web server. When I invoke it using a standard "applet" tag, I get the nag dialog that recognizes that the jar is signed. It then displays another dialog asking to block the applet content. It mentions that I have a mixture of my signed jar, and other unsigned jars (namely javax.mail.jar, mysql-connector-java-5.1.25-bin.jar, and some others). It results in the following console dump:

security: Trust for: http://MyUrl/javax.mail.jar has ended: Wed Dec 31 19:00:00 EST 1969
basic: exception: java.lang.reflect.InvocationTargetException.
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.runOnEDTAndWait(Unknown Source)
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.instantiateApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
    at com.sun.deploy.uitoolkit.impl.awt.OldPluginAWTUtil.invokeAndWait(Unknown Source)
    ... 5 more
Caused by: com.sun.deploy.security.BlockedException: User has denied the priviledges to the code
    at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
    at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.defineClassHelper(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.access$100(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.Class.getDeclaredConstructors0(Native Method)
    at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
    at java.lang.Class.getConstructor0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter$1.run(Unknown Source)
    at java.awt.event.InvocationEvent.dispatch(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$200(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@2ddb6b
security: Reset deny session certificate store
basic: Dialog type is not candidate for embedding

The console output also warns about a "Missing Permissions manifest attribute" and a "Missing Codebase manifest attribute" even though I specified them in the html code.

I've also tried running it via a jnlp file. When I try that, it does not seem to recognize the jar is signed as evidenced by the following:

It results in the same console dump.

I'm treading on new ground. Can someone shed some light on this? I know it's probably something basic, but, I could use another set of eyes on this.

Thanks in advance for any help, advice, etc.

Answer 1

I was able to resolve this problem by signing the jars one at a time. I ran the app and watched the console messages. Each time, the console output would complain about a different jar having expired security. One by one, I signed the jars in question, and, the problem resolved itself. I'm not sure this is the appropriate way of handling this, but, it fixed the problem.