Bug: Java Viewer and Manager does not load successfully when using JRE 1.4.2_01 or later versions

Description

Any combination of the following problems or errors may indicate that the Java Custom or Standard Viewer is not successfully loading due to the use of JRE version 1.4.2_01 or later:

- No toolbar
- No overview map
- Error in the browser window:
"java.lang.Exception:
java.lang.NullPointerException"
- Error in the browser window:
"java.security.AccessControlException:
access denied java.lang.RuntimePermission modifyThreadGroup)"


Follow the steps below to troubleshoot and confirm the source of the errors on the client machine where the Java Viewer errors are occurring:

1. Open the Java Plug-in control panel. Go to Start > Settings > Control Panel > Java Plug-in
2. Select 'Show Console' on the Basic tab.
3. Add the following text to the Java Runtime Parameters box on the Advanced tab:

Code:
-Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect

4. Verify the box is checked next to the browser used on the Browser tab.
5. Start a new browser application and load the Java Viewer. The Java Console should start in a separate dialog window.
6. Verify one of the following errors appears in the Java Console:

Code:

java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at sun.applet.AppletSecurity.checkAccess(Unknown Source)
at java.lang.ThreadGroup.checkAccess(Unknown Source)
at java.lang.Thread.init(Unknown Source)
at java.lang.Thread.<init>(Unknown Source)
at com.esri.mo.map.img.BaseCache.fetch(Unknown Source)
at com.esri.mo.map.img.BaseImageServerLayer.fetch(Unknown Source)
at com.esri.mo.ui.bean.OverviewMap.f(Unknown Source)
at com.esri.mo.ui.bean.OverviewMap.redraw(Unknown Source)
at com.esri.aims.viewer.IMSOverviewMap.redraw(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.Exception: java.security.AccessControlException:
access denied(java.lang.RuntimePermission modifyThreadGroup)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

Or

Code:

java.lang.NullPointerException
at javax.swing.ImageIcon.<init>(Unknown Source)
at com.esri.cc.comp.mg.d(Unknown Source)
at com.esri.cc.comp.mg.a(Unknown Source)
at com.esri.aims.viewer.IMSMap.enableFunction(Unknown Source)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
java.lang.Exception: java.lang.NullPointerException
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)

Cause

With JRE 1.4.2_01 and later versions, Sun introduced new security restrictions for JavaScript > Java calls. Since the origin of JavaScript code cannot be verified, Java code called from the JavaScript is not considered to be from the same codebase. As a result, permissions granted for the applet codebase in the java.policy file, as a default found at $JAVA_HOME/lib/security, are not honored in a JavaScript > Java call.

JRE's prior to 1.4.2_01 were less restrictive with respect to JavaScript > Java communication, therefore the Java Viewer functiond without explicit security changes. While no specific security threat has been associated with this issue, Sun has proactively decided to implement tighter security standards within its products.

Workaround

JRE 1.4.2_01 and later versions are not explicitly supported with ArcIMS 4.0.1 and ArcIMS 9.0. Verify that a supported JRE version is used by way of the ArcIMS Support Site in the Releated Information Section below.

JRE 1.4.2_06 and 1.4.2_08 are listed as supported with ArcIMS 9.1, however the same client side issue still exists in these Java Runtime Environment versions. Therefore the workarounds listed for the JRE versions 1.4.2_01 and higher apply to all ArcIMS Java Viewers regardless of the ArcIMS version used. The Java version known to not cause the described issues is JRE 1.4.2 (initial). This can be downloaded from the Java Sun Website.

To define a specific version of the JRE to be used for the Java Viewer on client machines that do not yet have a Java version installed, use the following document Java Viewer-JRE Settings.
<a href='http://support.esri.com/en/knowledgebase/techarticles/detail/23620' target='_blank'>How To: Force the ArcIMS Java Viewer Applet to run using a specific version of the Java Plug-In</a>

If using a JRE version that is supported and is known not to cause the described issues, is not possible, the solutions to this problem involve changing the java.policy file on the client machine to resolve both errors listed above.

Warning:
ESRI is not responsible for issues or problems that may result due to the following security changes. See the Java Policy Permissions information in the Related Information section for more details on security options and risks.

Select an error and solution below.

  • java.lang.NullPointerException at javax.swing.ImageIcon.<init> (Unknown Source)

    The following error is returned because the Java Viewer applet does not have access to files, in this case, an image, outside it's own resource bundle:

    "java.lang.NullPointerException
    at javax.swing.ImageIcon.<init>(Unknown Source)"

    To resolve this select a solution below:

    Solution 1
    1. Open the java.policy file, from the JRE's lib/security directory, in a text editor.
    2. Add the following line under the line "grant {":

    Code:
    permission java.io.FilePermission "${java.home}\\lib\\ext\\*", "read";

    3. Save the file.
    4. Open a new browser session and load the Java Viewer. The Viewer should load without errors.

    Solution 2
    1. Open the default.js file associated with the Java Viewer application.
    2. Verify the following line is specified:

    Code:
    applet.enableFunction(48, false);

    'Function 48' corresponds to the 'Map Tips' tool. The path specified for the image icon used by the 'Map Tips' tool is outside the applets resource bundle.
    3. Save the file.
    4. Open a new browser session and load the Java Viewer. The Viewer should load without errors.
  • java.security.AccessControlException:
    access denied (java.lang.RuntimePermission modifyThreadGroup)
    at java.security.AccessControlContext.checkPermission(Unknown Source)


    The following error is returned because the JavaScript > Java communication in the Java Viewer requires that threads be modified and a connection to the remote server be established:

    "java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
    at java.security.AccessControlContext.checkPermission(Unknown Source)"

    To resolve this issue follow the steps below:

    1. Open the java.policy file, from the JRE's lib/security directory, in a text editor.
    2. Add the following lines under the line "grant {":

    Code:
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.net.SocketPermission "*", "connect,accept,resolve";

    3. Save the file.
    4. Open a new browser session and load the Java Viewer. The Viewer should load without errors.
  • When using ArcIMS Manager

    To resolve issues using ArcIMS Manager follow the steps below:

    1. Open the java.policy file, from the JRE's lib/security directory, in a text editor.
    2. Add the following lines under the line "grant {":

    Code:
    permission java.io.FilePermission "${java.home}\\lib\\ext\\*", "read";
    permission java.io.FilePermission "${user.home}\\*", "read";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.net.SocketPermission "*", "connect,accept,resolve";

    3. Save the file.
    4. Open a new browser session and load the Manager application. The Manager should load without errors.

Related Information