java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" "*:*")

Question

I'm trying to use Java to talk to the ibm connections API through urlConnection with the following code

String url = "https://example.com";
URL myUrl = new URL(url);
URLConnection urlCon = myUrl.openConnection();
urlCon.setRequestProperty("Method", "GET");
urlCon.addRequestProperty("Authorization", this.getBasicAuthCredentials());
urlCon.setConnectTimeout(5000);

System.out.println(urlCon.getContentType());
System.out.println(urlCon.getContent());

it work's fine if the content-type is text/html for example but give's me the follwing error if the content-type is image /png

image/png
 java.security.AccessControlException: Access denied ("java.net.URLPermission" "https://example.com" "*:*")
    at java.security.AccessController.throwACE(AccessController.java:157)
    at java.security.AccessController.checkPermissionHelper(AccessController.java:217)
    at java.security.AccessController.checkPermission(AccessController.java:349)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:562)
    at lotus.notes.AgentSecurityManager.checkPermission(Unknown Source)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:62)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:91)
    at sun.awt.image.URLImageSource.<init>(URLImageSource.java:96)
    at sun.net.www.content.image.png.getContent(png.java:48)
    at java.net.URLConnection.getContent(URLConnection.java:763)

I already modified the java.policy to allow everything but that did not help

EDIT: in the first run of the Notes Agent after a server restart I get the following error:

Agent error: java.security.policy: error adding Permission, java.net.URLPermission: java.lang.NullPointerException

Answer 1

I got the same problem with an Applet. I fixed it by adding this line:

permission java.security.AllPermission;

to the file /usr/lib/jvm/jdk1.8.0_261/jre/lib/security/java.policy. There are other settings just for the network, if you don't want to allow it too much, which can be a security problem, for example if an Applet can access the local filesystem, in case someone still runs Applets, or other unstrusted Java code.