I'm trying to read a envrionment varaible from a applet, here is my code
String env = System.getenv("TWS");
System.out.println(env);
Runtime rt = Runtime.getRuntime();
String s = env + "\\WebStart.bat " ;
System.out.println(s);
try {
Process p = rt.exec(s);
} catch (Exception e) {
}
when i run the code from netbeans by right click and run, it is running without a problem.
but when i put it to a jar file, add it to my web application and try to run it from a html page using the following code
<applet code="draw.class" archive='AppletTest.jar'>
<param name="shape" value="triangle"/>
</applet>
i'm getting a error saying access denied , java.lang.RuntimePermission
i am running this web application using tomcat 6.
i have read some guides and added the following entry to catalina.policy file in tomcat 6 and restarted tomcat
permission java.lang.RuntimePermission "accessDeclaredMembers";
but still the same warning. can some one please suggest a solution for this problem?
--rangana
When you run your applet from netbeans, Java virtual machines runs it under a different security regime than when you run it through browser.
Applets, downloaded through browsers, that are not signed using a security certificate, are considered to be untrusted and referred to as unsigned applets. When running on a client, unsigned applets operate within a security sandbox that allows only a set of safe operations. You can check if a perticular permission is granted to you applet or not by using SecurityManager. For example in your case :
System.getSecurityManager().checkPermission(new RuntimePermission("accessDeclaredMembers"));
You can know more about applet security here and here. A very nice tutorial on making signed applets can be found here.
Related
I am working on a task, which is changing the file's permission to 640 after our code exports the file to our Linux server. The same code works in our Dev server, but in our Uat server, sometimes the permission is changed to 640 successfully, sometimes the permission can not be changed, is still the default 600.
I checked the SystemOut.log, no any error for this.
My related Java code is like below:
private void exportXXXFiles() {
......
//Settings for the access permissions of the exported files
Set<PosixFilePermission> filePerms = new HashSet<PosixFilePermission>();
filePerms.add(PosixFilePermission.OWNER_READ);
filePerms.add(PosixFilePermission.OWNER_WRITE);
filePerms.add(PosixFilePermission.GROUP_READ);
try {
Path localFilePath = ......;
Files.setPosixFilePermissions(localFilePath, filePerms);
......
} catch (IOException e) {
e.printStackTrace();
}
}
I am confused why the same code works in our Dev server but not stable in our Uat server, where sometimes it works sometimes it does not work. I assume that is the environment issue, but I have no idea what the exact issue is. Who can give me some suggestions?
Thanks!
There are a few reason why changing permissions might not work. These include:
The application doesn't have permission to change permissions. With classic UNIX / Linux, you need to be the file owner or root to change an file's permissions. Then there are ACLs.
The file system might be read-only, or mounted read only.
The file system type might not support the combination of permissions you are trying to use. For example, FAT did not support execute permissions, and NTFS permissions work a bit differently. Unfortunately, when you mount a "foreign" file system type on Linux, the OS doesn't provide a way to direcrly manipulate the file system's native permissions.
It is possible that what you are trying to do is blocked by SE Linux or AppArmor or similar.
Now, some of these may result in a Java exception when you attempt to change the permission. But that is up to the OS and the file system drivers. Java can only throw an exception if the OS tells Java that the permission change attempt failed, and it can only report / interpret the reason (the errno) returned by the chmod syscall.
I would like to open TestComplete from java, but I can't do that, because lack of privilege. When I run my code
public static void StartTC() {
try{
Process p = Runtime.getRuntime().exec(new String[] {"C:\\Program Files (x86)\\SmartBear\\TestComplete 11\\Bin\\TestComplete.exe"});
}
catch (IOException e) {
e.printStackTrace();
}
}
the program exits with CreateProcess error=740, and tells me that I need higher privilege for this action.
I know that I could make a .lnk with admin priv. at open properties of the exe, but there could be a right way to do this.
I think you can use File class for setting permissions.
File file = new File("File.c");
//but file permission are OS specific.
file.setExecutable(true);
In linux it will work.
If you are using windows then you can run "icacls" command to give permission to the file.
C:\>icacls "D:\test" /grant John:(OI)(CI)F /T
This command can be used to to give permission in windows.
According do MS documentation:
F = Full Control
CI = Container Inherit - This flag indicates that subordinate containers will inherit this ACE.
OI = Object Inherit - This flag indicates that subordinate files will inherit the ACE.
/T = Apply recursively to existing files and sub-folders. (OI and CI only apply to new files and sub-folders). Credit: comment by #AlexSpence.
You can run above command using Runtime.getRuntime().exec("icacls something here");
I hope I helped you.
You need to disable the Tools | Options... | Engines | General | Enable support for testing Windows Store applications option in TestComplete.
Information on how this can affect working with TestComplete from an external application like in your case can be found in the Requirements for Testing Windows Store Applications help topic.
From my Java application I want to create a symbolic link. However my application can run in different circumstances, not all of those permit the creation of symbolic links. I have the following situations:
Linux - can always make a symlink
Windows - can make a symlink if you are running the application as an administrator.
To create the symlink I use Files.createSymbolicLink(). This throws an IOException under Windows when it doesn't have permission. To be precise the exception is:
java.nio.file.FileSystemException: test\link: A required privilege is not held by the client.
I want to be able to tell if I have this permission from the application (Java 7 or newer) before trying to make the symlink. How can I do this?
This code bellow will work only for Windows and comes with Java.
public static boolean AdminAuth() {
String groups[] = (new com.sun.security.auth.module.NTSystem()).getGroupIDs();
for (String group : groups) {
if (group.equals("S-1-5-32-544"))
return true;
}
return false;
}
The SID S-1-5-32-544 is the id of the Administrator group in the Windows operating system.
You can also take a look at this documentation regarding Application Manifest for Windows.
I've implemented an applet and so far has been working with no hassle with Java 6. Recently, when I switched to Java 7 the applet stopped working, showing the following exception in javascript console:
Uncaught Error: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read")
This behavior is consistently reproductible, just switching from one Java version to the other with the Linux command update-java-alternatives.
The applet is self-signed and all its public methods invoke AccessController.doPrivileged(), for example:
public File chooseFile() {
return AccessController.doPrivileged( new PrivilegedAction<File>() {
public File run() {
JFileChooser chooser = new JFileChooser();
chooser.setMultiSelectionEnabled(false);
return chooser.showOpenDialog(null) == JFileChooser.APPROVE_OPTION ?
chooser.getSelectedFile() : null;
}
} );
}
I've solved the problem using a java.policy local file, but requiring special installation procedures is not an option.
Does anybody know which are those Java 7 new security restrictions and/or how to circumvent them?
Some information can be found in Do java applets have to be signed with trusted cert authority with new v7 update 21? and http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html
There will be more restrictions in the next scheduled security update in October 2013.
One requirement will be to switch from a selfsigned applet to a certificate from a trusted authority.
I have an error SecurityException Permission denied: file:/d:/Notes/Notes.jar when I'm trying to start my applet.
I need to use 2 jars in my applet:
Applet.jar - the jar stores the applet's code (the jar is signed and works fine)
Notes.jar - this is a library that allows to work with Lotus Notes
databases.
The first jar is loaded from server, and the second should be loaded from user's laptop (local file that stored on the laptop where the applet should be run).
I'm using the html code:
<APPLET CODE = "com.example.AppletClass" WIDTH = 640 HEIGHT = 480
archive="Applet.jar,file:///${user.apiPath}">
<PARAM NAME = "db_path" VALUE ="${user.dbPath}">
<PARAM NAME = "view_name" VALUE ="${user.viewName}">
Your browser doesn't support applets
</APPLET>
the problem is in the line: archive="Applet.jar,file:///${user.apiPath}"
${user.apiPath} = d:/Notes/Notes.jar
The second jar can't be loaded. But if I move the second jar to the server and load it to client's laptop everything works fine.
Unfortunately the solution is not very good for me.
Is there any possibility to load 2 jars from different places: server and local?
Just noticed...
You writing you have path like a
d:/Notes/Notes.jar
I am not pretty sure but local file paths (in win at least) are using backslash
x:\folder\file.txt
Anyway, that would be more helpful you to point which OS is about.
And one more thing...
The exception says the applet is trying to get jar as
file:/d:/*jar's_folder_path*/jar-name.jar
... but you say the applet requires the jar
d:/Notes/Notes.jar
So I just want to ask does the Notes.jar exist on the client machine?