Solved

Weblogic11 Load Balancer and SecurityException: does not match trust level of other classes in the same package

Posted on 2011-09-14
1
1,864 Views
Last Modified: 2012-05-12
Hi guys, getting stuck on very strange problem

1) We have a java swing app lauched via webstart and uses an EJB for backend, pretty standard flow.
2) Every jar we use are signed during each build/deploy
3) We have a weblogic11 cluster with 2 managed servers and a load balancer url that forwards to either of the managed servers
4) When launching the java swing app from either of the managed server directly there is no problem.
5) When launching the java swing app from the load balancer url we get the below exception that appears randomly all over the place for various class files in the jars.
6) We shutdown 1 managed server with only 1 server running, the issue remains when using the load balancer.

Basically this only happens when launching from the load balancer url, but if launched from the actual server url no problems.  I tried recreating the keystore etc.. but none of it helps.  

Any ideas?

Note: This is just 1 example in weblogic.jar but many different classes all over the place are throwing this exception as you use the java swing app. It happens randomly, click 1 would work, then click same button and this appears.

security: resource name "weblogic/kernel/KernelLogger.class" in OUR_LOAD_BALANCER_URL/weblogic.jar : java.lang.SecurityException: class "weblogic.kernel.KernelLogger" does not match trust level of other classes in the same package
Exception in thread "ExecuteThread: '0' for queue: 'default'" java.lang.SecurityException: class "weblogic.kernel.KernelLogger" does not match trust level of other classes in the same package
	at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
	at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
	at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
	at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
	at java.net.URLClassLoader$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(Unknown Source)
	at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:155)
	at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)

security: resource name "weblogic/rjvm/PeerGoneEvent.class" in OUR_LOAD_BALANCER_URL/weblogic.jar : java.lang.SecurityException: class "weblogic.rjvm.PeerGoneEvent" does not match trust level of other classes in the same package

Open in new window

0
Comment
Question by:gagaliya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 8

Accepted Solution

by:
allen-davis earned 500 total points
ID: 36552798
I found these links that seem to indicate it could be a class name collision if the files are signed with different certs from maybe different jars.  Do you possibly have some weblogic code/classes in your signed jars that could be colliding with the default classes?

http://stackoverflow.com/questions/2877262/java-securityexception-signer-information-does-not-match

http://stackoverflow.com/questions/4680823/java-lang-securityexception-class-org-apache-log4j-logger-does-not-match-trust
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question