AccessControlException - in signed applet

Similar Messages

• AccessControlException in signed applet for simply reading local file

  I have a simple applet that reads specified local image files and uploads them to our server. On both Mac OS X and WinXP (firefox and IE7), I get the following error. I signed the applet using an InstantSSL code signing certificate (not so easy getting this to work, but I'm pretty confident I did it correctly).
  java.security.AccessControlException: access denied (java.io.FilePermission /Users/scott/Documents/photos/Ken_and_Scott.jpg read)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
       at java.io.File.length(File.java:813)
       at org.apache.http.entity.mime.content.FileBody.getContentLength(FileBody.java:89)So just on getting the file length, it's throwing this exception. Interestingly, this file passed both file.exists() and file.canRead() checks within the applet (in windows the path is a bit different of course but also passes both those checks). Also, that file has no read restrictions and I can load it in a browser no problem.
  I assume I'm missing a step in the applet code signing process, maybe a step that says I'm allowed to read local files?

  I figured out my issue, the apache HttpClient library needed to be signed too apparently.

• Signed applet not working in firefox - java.security.AccessControlException

  Hello,
  I have a signed applet that works fine in IE 7 but in Firefox I'm getting this exception in the java console:
  java.security.AccessControlException: access denied (java.net.SocketPermission myhost.com resolve)
  I already tried to run the applet with different JRE versions in Firefox with the same result: 1.6.0_01, 1.6.0_02, 1.6.0_03, 1.6.0_05
  I'll appreciate your help.

  thanx 4 replying
  using the browser to view Applet is not recomended that is because if u change the the source-code and recompile the applet then run it using the broswer it will run the old-version
  Also i've found the solution here
  http://www.cs.utah.edu/classes/cs1021/notes/lecture03/eclipse_help.html

• Signed applet sometimes throws AccessControlException

  Hello,
  Apparently I'm not the only one on this forum who's getting AccessControlExceptions in an applet. The strange thing is that I'm not getting them all the time.
  I have a signed applet that's requesting files from a server (http) in regular intervals (thread). When the server sends back a file, it's written to the local filesystem. There's also a logging mechanism that's write files to the filesystem. Normally this applet runs continuously for weeks, months, ...
  This system has been working fine for years now, until a few months ago. Now I sometimes get an AccessControlException while reading a System.getProperty or while reading file from the filesystem. Usually the applet runs fine for day without access problems and then suddenly I get a AccessControlException: Access denied on an action that wasn't a problem the last 1000 times it performed.
  My first thought was that it might be an update of the JVM that was causing it. So I tried downgrading to 1.5, even 1.4 and still got the same problem.
  Does any one has an idea what's causing this? I'm pretty much stuck on this problem.
  Thanks.
  Andy

  May be you have updated the .java files which are related to your applet and if u update the .java files, u need to recompile and need to re-sign the applets
  or
  When you are signing the applet you will tell, how many number of days I think that may be expired...
  otherwise no need....
  This may be one reason.... Once I faced
  May be this will help u

• Signed Applet AccessControlException

  I am seeing some behaviour that seems very weird. I have a signed applet that is trying to connect to a JMS topic. However when I create the topic connection [topicConnectionFactory.createTopicConnection()] I get:
  java.lang.ExceptionInInitializerError caused by
  AccessControlException: access denied (java.util.PropertyPermission... read)
  This is unexpected because (1) the applet is signed, (2) I explicitly (and successfully) perform the following security checks before the createTopicConnection method call:
  security.checkPermission(new AllPermission());
  security.checkPropertiesAccess();
  If anyone has any suggestions, they would be greatly appreciated. Thanks, -mike.
  My full debug trace is:
  [JMSApplet] DEBUG test permissions
  [JMSApplet] DEBUG okay, all permissions
  [JMSApplet] DEBUG okay, property permissions
  java.lang.ExceptionInInitializerError
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Unknown Source)
       at org.jboss.util.NestedThrowable$1.class$(NestedThrowable.java:101)
       at org.jboss.util.NestedThrowable$Util.<clinit>(NestedThrowable.java:101)
       at org.jboss.mq.SpyJMSException.<init>(SpyJMSException.java:67)
       at org.jboss.mq.Connection.authenticate(Connection.java:883)
       at org.jboss.mq.Connection.<init>(Connection.java:238)
       at org.jboss.mq.Connection.<init>(Connection.java:315)
       at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:59)
       at org.jboss.mq.SpyConnectionFactory.createTopicConnection(SpyConnectionFactory.java:78)
       at com.octigabay.pce.web.applets.JMS2JSApplet.setupTopicConnection(JMS2JSApplet.java:278)
       at com.octigabay.pce.web.applets.JMS2JSApplet.start(JMS2JSApplet.java:153)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission org.jboss.util.NestedThrowable.parentTraceEnabled read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       at org.jboss.util.NestedThrowable$Util.getBoolean(NestedThrowable.java:123)
       at org.jboss.util.NestedThrowable.<clinit>(NestedThrowable.java:39)
       ... 14 more

  It's an interesting way, and hope you haven't tried...
  Create a subclass of SecurityManager
  * MySecurityManager.java
  * @author  jMike
  public class MySecurityManager extends SecurityManager {   
      /** Voids any Permission */
      public void checkPermission(java.security.Permission permission) {
      /** Voids any Permission */
      public void checkPermission(java.security.Permission permission, Object obj) {
  }Then in your applet add the following line within the constructor(s) or init method.
  try{
      new MySecurityManager();
  } catch (AccessControException ace){
      // User didn't allow the signed applet
      JOptionPane.showMessageDialog(this,ace.getMessage(),"jMike :: Excepci�n",JOptionPane.ERROR_MESSAGE);
  ...The applet must be signed.
  MySecurityManager allows any permission, however, you can control the ones you want.
  Hope to be helpfull, make me know if not
  ...where Java has never gone before.

• Signed applet accessing remote host getting AccessControlException

  I'm fairly new to java development, so hopefully this is an easy answer, but in my searching I haven't yet been able to figure out why this isn't working for me.
  I have a self-signed applet, running on a server in my intranet. I understood that using a signed applet would allow connecting to any host within the applet. In the applet, I'm using the following code to try to connect to a remote host, which is also in my intranet:
  import org.apache.commons.net.ftp.*;
  FTPClient ftp = new FTPClient();ftp.connect("[myhost]");
  //Where [myhost] is the name of the host I'm trying to connect to.This works fine when running from Eclipse Applet Viewer, but when I run from the website, I get the prompt to accept the signature and run. I click run. When the code above runs, I get the following exception:
  ava.security.AccessControlException: access denied (java.net.SocketPermission cmdsp.bsu.edu resolve)
  at java.security.AccessControlContext.checkPermission(Unknown Source)
  at java.security.AccessController.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkConnect(Unknown Source)
  at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
  at java.net.InetAddress.getAllByName0(Unknown Source)
  at java.net.InetAddress.getAllByName(Unknown Source)
  at java.net.InetAddress.getAllByName(Unknown Source)
  at java.net.InetAddress.getByName(Unknown Source)
  at java.net.InetSocketAddress.<init>(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at org.apache.commons.net.DefaultSocketFactory.createSocket(DefaultSocketFactory.java:53)
  at org.apache.commons.net.SocketClient.connect(SocketClient.java:162)
  at org.apache.commons.net.SocketClient.connect(SocketClient.java:250)
  at Deploy.DeployCard(Deploy.java:150)
  Any help would be GREATLY appreciated.
  Thanks!
  Daryl

  Bonjour,
  J'ai le problème que celui énoncé dans ce topic. Je réalise une applet ftp qui doit se connecter à un serveur ftp. J'utilise org.apache.commons.ftp.net et mon appli fonctionne sous eclipse mais pas intégré sur une page web.
  J'ai signé le jar commons-net-1.1.4.jar et le jar qui contient mon code et ça ne fonctionne pas.
  dois-je mettre toutes les classes de commons-net-1.1.4.jar dans mon fichier jar, je ne sais pas comment faire pour inclure commons-net-1.1.4.jar dans mon jar car lorsque je compile, je met le path dans eclipse mais je n'ai normalement pas besoin de mettre le commons-net-1.1.4.jar dans mon jar car les classes sont automatiquement importées.
  Merci de votre aide

• Java.security.AccessControlException: access denied; for a signed applet

  Hi,
  I have a signed applet which is used to read local files. When I call the applet method which is reading the file, from javascript I am getting "java.security.AccessControlException: access denied ". Where as if the method gets called during applet load, file is read without errors? How can I get over this problem?
  If there is a way loading the applet based on a condition from Javascript, please let me know.
  Thanks,

  [http://forums.sun.com/thread.jspa?forumID=421&threadID=5308353]

• Signed applet don't work on XP

  Hi,
  I'am currently working on a point-of-sale (POS) using windows XP/Firefox and a linux apache/jboss server.
  I have developed a dynamic windows library in order to use an industrial printer connected to the POS to perform some printing without confirmation of the customer.
  The POS is under Windows XP SP2 and use Firefox 2.0.0.11/JRE 1.5.0.14.
  This dll is used by a signed applet located on the apache/jboss server.
  The applet is correctly downloaded by the client, but normally i have to wait for the certicat authentification windows appearing and for confirming that i want execute the applet. And instead i have a java exception :
  security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
  security: Aucune information d'horodatage disponible
  java.lang.NullPointerException
       at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
       at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
       at java.security.SecureClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.access$100(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at sun.applet.AppletClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadCode(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  security: L'utilisateur a refus� les droits d'acc�s au code
  basic: Taille de cache du chargeur de classes courant : 1
  basic: Termin�...
  basic: Jonction du thread d'applet...
  basic: Destruction de l'applet...
  basic: Elimination de l'applet...
  basic: Sortie de l'applet...
  java.lang.ExceptionInInitializerError
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
       at java.lang.reflect.Constructor.newInstance(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.C:\Program Files\BICImpression\impression_api.dll)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkLink(Unknown Source)
       at java.lang.Runtime.load0(Unknown Source)
       at java.lang.System.load(Unknown Source)
       at applets.impression.Impression.<clinit>(Impression.java:38)
       ... 11 moreand then the certicat authentification windows appears but it's too late, the applet won't never execute ...
  the apache/jboss server is accessed via some gateway, firewal, ... tha t i can't control
  the apache jboss/server on my own PC is accessed directly :
  What is amazing, is that work fine with my own professionnal PC on W2000 SP4, with JRE1.5.0.14 and Firefox 2.0.0.11 :
  when I look in the java console, the java freeze until i have answered this java security window (certicat authentification windows). And when i answered "run" no problem the applet makes her own job.
  here is the code when it works :
  security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
  security: Aucune information d'horodatage disponible
  basic: Plugin modality.pushed
  basic: Modalit� empil�e
  basic: push javax.swing.JDialog[dialog0,379,296,519x323,layout=java.awt.BorderLayout,modal,title=Avertissement - S�curit�,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,22,513x298,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
  basic: Chargement arr�t�...
  basic: Arr�t de l'applet...Conclusion
  POS : Win XP SP2, JRE1.5.0.14 (i tried 1.5.0.6 and 1.6.3 the latest), Firefox 2.0.0.11 (I tried 2.0.0.0 and 3 beta2 don't work anyway)
  my own server/client : W2000 SP4, JRE1.5.0.14, Firefox 2.0.0.11
  Linux server : RHEL4
  It works with IE on the POS with the linux sever but it's not the selected browser.
  It works with IE on the POS with my own server.
  It works with Firefox on the POS with my own server.
  It works with IE on my own server with the linux sever but it's not the selected browser.
  It works with IE on my own server with my own server.
  It works with Firefox on my own server with the linux sever.
  It works with Firefox on my own server with my own server.
  If you have some idea to make it work i'm you're buyer !!
  Thank a lot for reading this, and i apologize for my poor english ...
  greetings,
  Benoit
  Edited by: bendur on Feb 29, 2008 3:49 AM

  Ok I have found my problem :
  On every web pages, we have defined some inactivity timeouts.
  On my own server I have disabled these timeouts but not on the distant timeout.
  And it seems that the timeout (defined in javascript ont he web pages : 3s) has a very bad influence on the launching of my applet ... only with firefox (with IE and Opera no problem)
  My problem is anwsered but the problem keep alive for firefox ...

• File read access denied for signed applet

  Hi:
  I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
  java.lang.Exception: java.security.AccessControlException:
      access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
      private KeyStore ks;
      private Provider provider;
      private static final String providerName    = "PKCS11";
      private static final String providerLibrary = "aetpkss1.dll";
      public void loadKeyStore(String pin) throws IOException,
       CertificateException, KeyStoreException, NoSuchAlgorithmException {
       if (provider == null)
           registerProvider(providerLibrary);
       try {
           ks = KeyStore.getInstance(providerName,provider);
       } catch (Exception e) {
           throw new KeyStoreException("Failed get keystore instance\n"
                           + e.getMessage());
       try {
           ks.load(null, pin.toCharArray());
       } catch (Exception e) {
           throw new KeyStoreException("Failed load keystore\n"
                           + e.getMessage());
      public void registerProvider(String library)
       throws FileNotFoundException, KeyStoreException {
       String fileName;
       if (new File(library).isAbsolute())
           fileName = library;
       else
           fileName = getAbsolutePath(library);
       if (!(new File(fileName).exists()))
           throw new FileNotFoundException("No such file: " + fileName);
       String config = "name = " + providerName + "\n"
           + "library = " + fileName;
       ByteArrayInputStream confStream =
           new ByteArrayInputStream(config.getBytes());
       try {
           provider = new sun.security.pkcs11.SunPKCS11(confStream);
           Security.addProvider(provider);
       } catch (Exception e) {
           throw new KeyStoreException("Can initialize " +
                           "Sun PKCS#11 provider. Reason: " +
                           e.getCause().getMessage());
      private String getAbsolutePath(String lib) throws FileNotFoundException {
       String[] searchPath;
       /* NOTE: This should be modified to suit different versions of   *
        *       Windows and not just Windows XP                         */
       if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
           searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                           "C:\\java" };
       } else {
           searchPath = new String[] { "/usr/local/lib/" };
       for (int i = 0; i < searchPath.length; i++) {
           if ((new File(searchPath[i] + File.separator + lib).exists()))
            return (searchPath[i] + File.separator + lib);
       throw new FileNotFoundException("Library not in search path " + lib);
      }The above code is called by a java script, the class' constructor is empty.
  The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
  The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
  I have also made a CLI application that uses the above code and it works perfectly.
  So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
  The certificate I generated with
  keytool -genkey -keystore mystore -alias me
  keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
  Thanks! Erik

  The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
  It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
  A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

• Signed applet does not grant AudioPermission "record"

  From what I gather, if I have a trusted signed applet sitting on a webpage and
  the visitor accepts (runs) the applet, then they should not need to have:
  grant {
  permission javax.sound.sampled.AudioPermission "record";
  in their java policy file. Well I have done all this (with a certificate from
  Thawte) and posted a thorough example at:
  http://www.livesite.net/JavaSoundTest
  At the bottom of that page there is a "Check permissions" link which will alert
  true/false if we have record permission. Clicking any "Record" link will
  attempt to open a TargetDataLine.
  My experience (and problem) is: record permission must be granted even though
  the applet is signed by a trusted CA.
  I would very much appreciate any help.
  Are you able to record/playback (without granting record permission in your
  java policy files) with the JavaSoundTest applet webpage?
  Is there something I am missing?
  ------ More information ------
  Java Control Panel -> Advance -> Security
  'allow user to grant permissions to signed content' is checked
  Reproducable on:
  MS NT4 w/ IE6
  MS Windows 2000 w/ Firefox 1.5
  MS Windows XP w/ Firefox 1.5
  MS Windows XP w/ IE6
  Fedora FC6 w/ Firefox 2.0
  Also, this happens with a commented-out record permission in the user
  .java.policy file, or when the policy file does not exist.
  ------ Source code: opening the target data line ------
  Using the JavaSoundTest applet page without granted permission, clicking a
  record link will yield this exception in the java console:
  java.security.AccessControlException: access denied (javax.sound.sampled.AudioPermission record)
  at java.security.AccessControlContext.checkPermission
  at java.security.AccessController.checkPermission
  at java.lang.SecurityManager.checkPermission
  at com.sun.media.sound.JSSecurityManager.checkRecordPermission
  at com.sun.media.sound.DirectAudioDevice$DirectDL.implOpen
  at com.sun.media.sound.AbstractDataLine.open
  at net.livesite.jsound.Recorder.run(Recorder.java:161)
  while opening a TargetDataLine as:
  23 private static TargetDataLine line;
  157 line = (TargetDataLine) AudioSystem.getLine( lineInfo );
  158
  159 try
  160 {
  161 line.open( format, (int) format.getSampleRate() );
  162 }
  ------ Source code: Using the security manager ------
  The "Check permissions" link on the TestJavaSound applet page calls this method:
  191 public boolean hasSoundRecPriv()
  192 {
  193 boolean ret = false;
  194
  195 try
  196 {
  197 SecurityManager sm = System.getSecurityManager();
  198 if (sm != null)
  199 {
  200 sm.checkPermission(new AudioPermission("record"));
  201 }
  202 ret = true;
  203 }
  204 catch(SecurityException e)
  205 {
  206 ret = false;
  207 }
  208
  209 return ret;
  210 }
  (This is a continued post from JAVASOUND-INTEREST at SUN.COM)

  Is there something I am missing?1) Applets are not well supported by Sun,
  and are inherently problematic as a reult
  of that.
  2) My experience suggests that the diagnotics
  applet is not reliable for detecting JMF.
  3) I guess the JMF applet is doing checks of
  policy files, despite the signed code.
  You might circumvent most of these problems,
  by using web-start to launch an application.
  Here are some of my tests at launching
  JMF using web-start.
  http://www.javasaver.com/testjs/jmf/

• How to resolve problems in policy file of signed Applet

  Hi to All,
  I want to connect the web site through my Signed Applet which is working as a Proxy server. but i m facing certain problems in my policy file:
  this is my policy file :-
  grant {
  permission java.security.AllPermission "", "";
  permission java.net.SocketPermission "http://www.google.com:4321", "connect, accept,resolve";
  permission java.security.UnresolvedPermission;
  n i got such type of exceptions n my Applet prompt applet not initialized.
  Got connection Socket[addr=/192.168.1.232,port=1200,localport=4321]
  Reading request...
  URI is: http://www.google.com/
  Host to contact is: www.google.com at port 80
  Got request...
  java.security.AccessControlException: access denied (java.net.SocketPermission www.google.com resolve)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1098)
  at java.net.InetAddress.getAllByName(InetAddress.java:1061)
  at java.net.InetAddress.getByName(InetAddress.java:958)
  at java.net.InetSocketAddress.<init>(InetSocketAddress.java:124)
  at java.net.Socket.<init>(Socket.java:179)
  at ProxyApplet.handle(ProxyApplet.java:75)
  at ProxyApplet.<init>(ProxyApplet.java:132)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  at java.lang.Class.newInstance0(Class.java:350)
  at java.lang.Class.newInstance(Class.java:303)
  at sun.applet.AppletPanel.createApplet(AppletPanel.java:721)
  at sun.applet.AppletPanel.runLoader(AppletPanel.java:650)
  at sun.applet.AppletPanel.run(AppletPanel.java:324)
  at java.lang.Thread.run(Thread.java:595)
  here 4321 is Port no. which i've as a random port no.
  plz Help
  thnx in advance
  with regards
  pank_naini

  Please, if you can't help me, could you tell me who can I contact ?

• Signed applet throws security exceptions

  Since nobody seems to be reading the Signe Applet forum, I decided to try here:
  Hi all
  I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
  The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
  So, signing will have to work.
  Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
  It works on JVM 1.5.0_06 but not on 1.4.2_08.
  Please help me make if work under any JVM.
  The error I get is:
  Java(TM) Plug-in: Version 1.4.2_08
  Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\miha
  Proxy Configuration: Automatic Proxy Configuration
       URL: http://orion.nil.si/proxy.pac
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  l:   dump classloader list
  m:   print memory usage
  o:   trigger logging
  p:   reload proxy configuration
  q:   hide console
  r:   reload policy configuration
  s:   dump system properties
  t:   dump thread list
  v:   dump thread stack
  x:   clear classloader cache
  0-5: set trace level to <n>
  java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
  TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
  java.lang.NullPointerException
       at net.propero.rdp.ISO.connect(ISO.java:123)
       at net.propero.rdp.MCS.connect(MCS.java:84)
       at net.propero.rdp.Secure.connect(Secure.java:153)
       at net.propero.rdp.Secure.connect(Secure.java:171)
       at net.propero.rdp.Rdp.connect(Rdp.java:498)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
  FATAL: java.lang.NullPointerException: nullWhat is funny, is that I have two applets, and one works and the other one doesn't. It is like this:
  Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
  Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
  All JARs are signed using the same key/certificate.
  Both applets try to connect to the same "host1".
  Both applets try to use the same proxy - which is different from "host1".
  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

• Access denied to a security provider on a signed applet

  Hi,
  I'm having permissions problems to work with a security provider.
  The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
  If I'm working the provider in an signed applet, then there are errors.
  Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
  grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
  Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
  log:
  <record>
  <date>2012-03-13T12:13:39</date>
  <millis>1331637219126</millis>
  <sequence>17</sequence>
  <logger>appletpdf.appletPdf</logger>
  <level>SEVERE</level>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <thread>11</thread>
  <message>excepcion: {0} </message>
  <exception>
  <message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
  <frame>
  <class>java.security.AccessControlContext</class>
  <method>checkPermission</method>
  <line>393</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>checkPermission</method>
  <line>553</line>
  </frame>
  <frame>
  <class>java.lang.SecurityManager</class>
  <method>checkPermission</method>
  <line>549</line>
  </frame>
  <frame>
  <class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
  <method>checkPermission</method>
  <line>250</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.SunPKCS11</class>
  <method>login</method>
  <line>1036</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>login</method>
  <line>874</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>engineLoad</method>
  <line>764</line>
  </frame>
  <frame>
  <class>java.security.KeyStore</class>
  <method>load</method>
  <line>1201</line>
  </frame>
  <frame>
  <class>apppdf.appPdf</class>
  <method>tPKCS11</method>
  <line>174</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <line>137</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>initapplDPdf</method>
  <line>116</line>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke0</method>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke</method>
  <line>57</line>
  </frame>
  <frame>
  <class>sun.reflect.DelegatingMethodAccessorImpl</class>
  <method>invoke</method>
  <line>43</line>
  </frame>
  <frame>
  <class>java.lang.reflect.Method</class>
  <method>invoke</method>
  <line>616</line>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext$4</class>
  <method>run</method>
  <line>699</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>doPrivileged</method>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext</class>
  <method>handleMessage</method>
  <line>696</line>
  </frame>
  <frame>
  <class>sun.applet.AppletSecurityContextManager</class>
  <method>handleMessage</method>
  <line>69</line>
  </frame>
  <frame>
  <class>sun.applet.PluginStreamHandler</class>
  <method>handleMessage</method>
  <line>273</line>
  </frame>
  <frame>
  <class>sun.applet.PluginMessageHandlerWorker</class>
  <method>run</method>
  <line>82</line>
  </frame>
  </exception>
  </record>
  Fails in the line where the KeyStore is loading:(Pin is correct)
  KeyStore myKeyStore=null;
  Provider p = Security.getProvider("SunPKCS11-Provider-Name");
  myKeyStore = KeyStore.getInstance("PKCS11",p);
  char[] pinData = pin.toCharArray();
  myKeyStore.load(null, pinData);
  Any help would be apreciated.
  Thank you.
  Bye

  Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
  Do backup and restore privileges apply at all over a network mount created via "net use"?
  The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
  user, or is the access check still done with our sync process's run-as user?
  We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
  S-1-5-32-544" group.
  On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
  file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
  My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.

• My signed applet works with 1.4.1 plugin but it doesn't with 1.4.2_02 !!!

  Hi there, I've got problems trying to sign an applet with Java 2. That applet is an FTP which is used for uploading files throught the Browser (just upload).
  I signed my applet with SDK 1.4.1 when I surfed the page which contains it, the applet works properly (the browser had Java plug in 1.4.1) ... the certificate appeared (thawte), I clicked "Yes" for agreeing the certificate .. everything went fine. The problem was when I tried to navigate that page with a Browser with Java Plug in 1.4.2, I agreed the cetificate, but when I tried to upload a file with the applet the following error happens :
  ava.security.AccessControlException: access denied (java.io.FilePermission C:\install\slsk151.wma read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkRead(Unknown Source)
       at java.io.FileInputStream.<init>(Unknown Source)
       at java.io.FileInputStream.<init>(Unknown Source)
       at FtpSigned.upload(FtpSigned.java:463)
       at FtpSigned.run(FtpSigned.java:526)
       at java.lang.Thread.run(Unknown Source)
  after that I downloaded the SDK 1.4.2_02 and I installed the plugin
  1.4.2_02 (build 1.4.2_02-b03)
  I signed tha applet again and it didn't work ...
  please ... I need help!
  Thanks in advance.
  Nico.

  Funny, I had a problem going to _03 when it worked fine in _02. Symptoms: In IE, Sun's plug-in displays security warning prompt for signed applet, and, even though the user clicks YES to accept, all priv operations cause exceptions. It sounds like what you're referring to, but I'm wondering why I didn't see it in _02. Anyway, I'm going to look into the doPriv... stuff to see if that fixes my prob and I'll report back FWIW.

• Security Problems with Signed Applet

  Hello All,
  I need help with signed applets.
  I have an applet pkged in a jar that uses other jars. I have signed the jar containing applet and all the other jars being used. However, when I try to run the applet in IE 6.0.xx, I get the following error
  java.lang.ExceptionInInitializerError
       at aaa.aaa.somemethod(xxx.java:192)
       at aaa.aaa.aaa.access$000(xxx.java:27)
       at aaa.aaa.aaa.$1.run(xxx.java:467)
  Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       ... 3 moreMy application is using Java 1.4.2.xx.
  Any help or pointers would be greatly appreciated.
  Thanks.

  Thanks harmmeijer and mjparme for your responses.
  I made some changes to my application and it does not now require the system property information. But now I am getting another exception related to class loader.
  I made the changes to the console as suggested by harmmeijer, and here is the stack trace. Also, I am not using any JavaScript explicitly.
  Registered modality listener
  Invoking JS method: document
  Invoking JS method: URL
  Referencing classloader: sun.plugin.ClassLoaderInfo@e0a386, refcount=1
  Loading applet ...
  Initializing applet ...
  Starting applet ...
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
       at xxx.xxx.a...<init>(a.java:39)
       at  xxx.xxx.b...<init>(b.java:42)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
       at java.lang.reflect.Constructor.newInstance(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
       at xxx.xxx.a...ToolBus.<init>(a.java:39)
       at xxx.xxx.b....<init>(b.java:42)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
       at java.lang.reflect.Constructor.newInstance(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Modality pushed
  Modality poppedmjparme as to your second point, the action is taking place in the same jar only. No other jar is involved at the stage where I am getting exception.
  Thankyou again and will appreciate your help.
  AC