Java.lang.SecurityException: class "org.apache.log4j.Logger" does not match the trust level of other classes in the same package

Question

Java.lang.SecurityException: class "org.apache.log4j.Logger" does not match the trust level of other classes in the same package

For java web application, I got this error when using JRE 1.6.0_22

java.lang.SecurityException: class "org.apache.log4j.Logger" does not match the trust level of other classes in the same package

However, it works fine when using JRE 1.6.0_13.

I searched on Google and found that there is a security enhancement with update 19 .

And for this exception, it says:

The following two SecurityExceptions are issued after the mixed components were previously detected, and a decision was made to allow them to coexist. Exceptions indicate that a collision between component names (resource name or package name) was detected between trusted and untrusted components, and the request to load a resource or class was rejected.

Now the problem is, how can I find which classes (maybe org.apache.log4j.Logger?) Have a collision and what packages are they in?

I find there is a similar question in Oracle Forums

+4

java security mixed-code

Joey sun Jan 13 '11 at 13:58

source share

1 answer

mtraut · Accepted Answer · 2011-01-13T14:32:51+0000

Interesting link. I have not had a problem yet - but maybe you have a jar with "org.apache ..." in the JavaEE class container somewhere in the web application.

Look for it and test, remove it from the web application

Java.lang.SecurityException: class "org.apache.log4j.Logger" does not match the trust level of other classes in the same package

More articles: