I'm developing an applet that requires to save a text file on the server. After wrestling with this problem for a while I stumbled on the internet on the Lynlin.class which can send files using ftp connection. That works fine provided I add to my C:\Program Files\Java\jre7\lib\security\java.policy file a following line:
permission java.net.SocketPermission "192.168.33.15:*", "connect, accept ,resolve, listen";
If I try to run this applet from the computer that did not have the java.policy file edited I get the following error:
java.security.AccessControlException: access denied
("java.net.SocketPermission" "192.168.33.15:21" "connect,resolve")*
Does anybody know how could I get rid of this problem other than editing java.policy file at each and every computer that will be using this applet?
Just to claryfy:
my applet at the moment is not signed, but the server with which it tries to send a file is the same at which the applet is located
the http and ftp server are microsoft IIS running on the Windows Server 2003 (ip 192.168.33.15)
The exact URL is "\pwaidc9...
That's not a URL. It is a Windows UNC file name. You downloaded the applet from a file system, not a TCP host at all, so you can't connect to it with a socket.
Sign the applet.
As EJP alluded to, the address delivering the applet, and the address of the server, seem to be different to the JRE that is running the applet.
It is necessary to access the HTML via the server (an http://.. address).
There is no way for an applet to do network connections without explicit permissions to allow such activity in the client machine environment. This is so for the security of the client machine. All applets by default run in a restricted sandboxed environment.
Related
I would like to know if when I launch my Java Web Start application, I'm using my browser or the connection is directly from the Java sandbox against the server through Http/Https protocol.
I want ot know, wether once the JAR has been downloaded and stored locally, next time when the applciation is launched, it will use my browser?
No, Java WebStart doesn't use the browser. It uses the JRE to connect to a remote server using HTTP or HTTPS.
The browser is only involved in the download of the .jnlp file. And even here, you could send the JNLP file by e-mail or any other mean. It would work too.
I have developed an applet that needs to read in a data file from the user. I have the user pick the file outside the applet and upload it, I then move a copy of the file to the applet folder so I can access it with the applet with only sandbox security. My problem arises from the fact that I run the applet on several hosts. How can I determine the correct host this applet was downloaded from so I can connect to the proper host for the correct data file?
See the Applet.getCodeBase() & getDocumentBase() methods.
I have added functionality which will enable the user to attach a file from web page.
and this file will be sent as an attachment to another user.
When I try this on my local machine it works fine.
I deployed the application on the server.
And when I am trying to attach a file its throwing FileNotFoundException.
Kindly help.
You seems to be reading file system assuming that client is always on server.
Server and Client are different things. Client may be / May not be [all most all the time] on server. You need to upload file then read..
If you can read client's flle system this easily, then we might not have coined the word security
I have written a code in JAVA to search files from the system.User specifies the filename and extension on text input on applet window and on button click code establishes a connection to oracle database and searches the directory name from the database table.The code for searching works fine without applet and on using applet it detects an error which is
"access denied(java.util.PropertyPermissionfile.encoding read)"
How do i grant this applet the permission to read from database?
An applet is only allowed to connect to server from where it was downloaded. Otherwise you need to sign the applet. Or use a proxy to connect to the database from the machine the applet came from.
See also How can I connect from an applet to a database on the server?
I have an applet that throws this exception when trying to communicate with the server (running on localhost). This problem is limited to Applets only - a POJO client is able to communicate with the exact same server without any problem.
Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.net
.SocketPermission 127.0.0.1:9999 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
My applet.policy file's contents is:
grant {
permission java.security.AllPermission;
};
My question is what are the other places where I need to modify my security settings to grant an Applet more security settings?
Thank you.
EDIT: Further investigation has lead me to find that this problem only occurs on some machines - but not others. So it could be a machine level (global) setting that is causing this, rather than a application-specific setting such as the one in the applet.policy file.
EDIT: Another SO question: Socket connection to originating server of an unsigned Java applet
This seems to describe the exact same problem, and Tom Hawtin - tackline 's answer provides the reason why (a security patch released that disallows applets from connecting to localhost). Bearing this in mind, how do I grant the applet the security settings such that in can indeed run on my machine. Also why does it run as-is on other machines but not mine?
Seeing this: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1, it's clear that Applets run from localhost (without being deployed to a web server) cannot access localhost.
There is no workaround for this issue as indicated
4. Workaround
There is no workaround for this issue.
Please see the Resolution section
below.
My suggestion is as follows:
Signing a Jar file to get more security privileges (http://java.sun.com/docs/books/tutorial/deployment/jar/signindex.html)
It stipulates:
Users who verify your signature can
grant your JAR-bundled software
security privileges that it wouldn't
ordinarily have.
Running your applet from a web server (such as Tomcat) and accessing it locally through your browser.