Applet Security Access

Similar Messages

• Applet security -- accessing files over the Web.

  I guess the topic pretty much sums up my question..
  I have an applet and I want to read a file from over the web.
  After creating a URL, I try to retrieve an inputstream by calling openStream() but I get all the java.security.AccessControlException: access denied rubbish..
  How do I get it working ?

  The applet can only read data from the server where it is saved. For security purposes applets have limited capabilities. They can't write data to a remote hard drive or read data from remote machines. A way around this is to create a "trusted applet". Basically what it does is informs any machine you are trying to access that you wrote this applet and are responsible for any negative outcome. There is a tutorial provided by Sun that can explain this better than I can. Here is the link:
  http://java.sun.com/security/signExample/index.html
  Good luck.

• How to configure JSS 4 with Firefox 21.0 to to use with HTTPS client authentication? It´s supposed that JSS allows an applet to access Mozilla user´s cert

  We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 -
  https://developer.mozilla.org/en-US/docs/JSS/Using_JSS<br />
  http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html<br />
  http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html
  We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting - <br />
  security: Accessing keys and certificate in Mozilla user profile: null<br />
  security: JSS is not configured
  followed by SSK handshake failure when trying to load the client certificate.
  <pre><nowiki>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
  at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
  at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
  at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
  at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
  at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
  at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
  at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
  at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
  at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
  at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
  at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)</nowiki></pre>
  The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM)
  Any help to resolve this issue will be very much appreciated.

  Thank you for your response.
  Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.

• Apparent gap in java applet security on client machine

  I know about signing applets, and both the new and original security models for applets. For my purposes, the original security model for applets is just about perfect. My applets do not need access to the client machine hardware, nor do they need to access any machine other than that which provides them to the client (at least at present).
  What I have been told is that it is not possible for a server of any kind (DB, servlets, &c.) to authenticate an applet. The claim was made that all the security was designed for client security and that a developer's only option is to trust the client machine.
  I can exchange information among my servers over SSL, and secure communications between by servers and applet clients. However, what is there to prevent a bad guy from breaking into a client machine and then capturing and modifying the applet I am relying on to protect the client's sensitive data? Signing the applet tells the user that the applet has not been modified from what I have produced, and so the user should feel confident enough to run it. But what if the applet and related web page is cached, and someone who has, legitimately or not, access to the machine and tries to use the cached copy for inappropriate purposes?
  If my servers can not verify that the applet code accessing them is mine, rather than a variant created to mimic my applet, then that certainly creates a risk for my code, but doesn't it also create a security risk for the client? After all, it is the client's sensitive data I am trying to protect, and I can envision a situation in which a bogus applet mascerades as mine and sends that sensitive data to a bad guy's machine; all this while giving the user the illusion that his data is safe.
  The gap here is either in my understanding of this technology or a gap in java security, so I'll put the question another way also. Is it possible for a server (e.g. an application server such as Tomcat or Sun's application server) to verify that the applet code used to try to connect with them is in fact the applet code that was signed on and served from the same machine and not malicious code masceraing as my code? If so, how does that work, and how does the programmer do it?
  Thanks,
  Ted

  the jar file reqiured is jmf.jar this jar file will there in
  jmf_home/lib
  for example in my mechine
  C:\Program Files\JMF2.1.1e\lib this jar file contain all the file reqired to run the application
  i think you may need some of the dll files also to run see
  if reqiured the then it may throw exception
  java.lang.UnsatisfiedLinkError then put respective dll file to workiing folder or the system32 folder

• When using Java Wizard with Firefox 3.6.23 on a Mac OS X 10.6.8 it keep getting an error message: "The Java Wizard cannot run. Please configure your browser to allow Java applets to access the filesystem." Have NO idea how to fix this problem.

  When trying to upload files I received the following error: "The Java Wizard cannot run. Please configure your browser to allow Java applets to access the filesystem."

  If the problem is with a site that is hosted using MOVEit DMZ by Ipswitch, please notify the site owner of the issue and ask them to apply the patch that is available on the support site to resolve the issue.
  This is a better resolution than downgrading your version of Java that was updated due to security issues.

• Re: Getting around Applet security

  I don't think this is an Applet Security problem associated with accessing the xml files on the server using URL connection. This will not in itself produce the exception unless the files are on a different server to the one the Applet was loaded from.

  According to http://java.sun.com/sfaq/, There is
  no explicit support in the JDK applet API for
  persistent state on the client side. However, an
  applet can maintain its own persistent state on the
  server side. That is, it can create files on the
  server side and read files from the server
  side.
  I believe that if you use Applet.getCodeBase() you
  can get the directory containing the applet, and
  using that, you can specify exactly which files you
  want.Accessing the XML file isn't my problem it is accessing the parser. I can't access the parser on the server and it is not an option to change the policy file on all clients to allow to use their JRE's parser.

• Applet security settings for Java 1.1.8

  I receive a security exception because an applet running with JRE 1.1.8 tries to call System.getProperties().
  Is there a way I can allow the applet to access the properties?
  I know that there is a way in new JRE's with the java.policy files but I haven't found any information about that kind of possibilty in 1.1.8
  Thanks

  Okay, let's say you do find a way to modify the java.policy file to circumvent the applet restrictions (I don't think you can fully, but let's just do so for argument's sake). Now, you have an applet. Downloadable code. Are you going to instruct users to modify their java.policy file locally? Does the IE or Oracle JVM even read that file?
  Sign the applet or make a full-blown, downloadable application (if using Swing, you will need to have users also bundle the Java 1.2 classes). You don't have too many options.
  - Saish
  "My karma ran over your dogma." - Anon

• Applet security problems while connecting with database

  i hav problem in the japplet connecting with sql database
  it gives security access denied error while running program as my driver is jdbc:odbc:bridge driver
  so for resolving this error how can i turn off security of applet and also which security permission to be change?
  plz reply

  baftos wrote:
  Maybe I should question the need to access a local database on the client PC.
  But anyway, the normal way to obtain security clearance is to use a signed applet.
  Another possibility is to grant the applet all permissions by modifying the security policy file of each client to grant your applet 'all permissions'. Note that in this case you must have access to each and every client PC or ask them to do so before running the applet.Database access at client's machine is ridiculous. I doubt this is what OP wants.
  @OP: request you to post the original security issue and the environment details.
  Thanks,
  Mrityunjoy

• Applet file access problem

  Hi, I am new to applets and I am trying to build an applet that needs input from other files on the server. How can I give my applet access to these files? I found some code with URLConnection, but I cannot seem to make it work. I am getting AppletNotLoaded appearing on the bottom of the webpage. Here is some of the URLConnection code, if anyone knows of mistakes in it:
  URL url;
  URLConnection urlConn;
       //DataInputStream     cfile;
       url = new URL(getCodeBase().toString() + "/R2Code/ourcode/data/"+filename+".con");
       urlConn = url.openConnection();
  urlConn.setDoInput(true);
  urlConn.setUseCaches(false);
  BufferedReader cfile = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
  //BufferedReader cfile = new BufferedReader(new FileReader (filename+".con"));
       cfile.readLine();
       StringTokenizer st = new StringTokenizer(cfile.readLine());
  I am trying to read in a text file, which has the ending ".con" if that concerned anyone. Any advice would be great, thanks.

  Here is the specific error from java console:
  load: class ProteinApplet3.class not found.
  java.lang.ClassNotFoundException: ProteinApplet3.class
  at sun.applet.AppletClassLoader.findClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.applet.AppletClassLoader.loadClass(Unknown Source)
  at java.lang.ClassLoader.loadClass(Unknown Source)
  at sun.applet.AppletClassLoader.loadCode(Unknown Source)
  at sun.applet.AppletPanel.createApplet(Unknown Source)
  at sun.plugin.AppletViewer.createApplet(Unknown Source)
  at sun.applet.AppletPanel.runLoader(Unknown Source)
  at sun.applet.AppletPanel.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
  Caused by: java.io.IOException: open HTTP connection failed.
  at sun.applet.AppletClassLoader.getBytes(Unknown Source)
  at sun.applet.AppletClassLoader.access$100(Unknown Source)
  at sun.applet.AppletClassLoader$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  ... 10 more
  I am also getting errors saying that certain classes cannot be found, like point3f or anything from vecmath. Is there something to be done to fix this?
  It has to be finding the applet, just not loading it because its reading through the list of imports...

• After downloadeding the latest Java plugin, I start to receive "Please configure your browser to allow Java applets to access the filesystem" message when I try to run a download wizard. What do I need to do? BTW, IE does not have this problem.

  I had no problem using a download wizard Java applet to download file to my computer from an SFTP site using Firefox. When I tried to do the same thing with Chrome, I was told to download the latest plugin. Once I did that, I receive the following message when I run the downlaod wizard:
  The Java Wizard cannot run.
  Please configure your browser to allow Java applets to access the filesystem.
  I got the same message using Firefox and Chrome. However, I have no problem using IE to run the same download wizzard. Please help.

  If the problem is with a site that is hosted using MOVEit DMZ by Ipswitch, please notify the site owner of the issue and ask them to apply the patch that is available on the support site to resolve the issue.
  This is a better resolution than downgrading your version of Java that was updated due to security issues.

• Applet Security loading & running on local PC

  I understnd the limits of an Applet loaded from a server to a local PC. What I am trying to do is test my Applet (JApplet actually) as I create it. I have some GIF and JPG files that need to be loaded from the same DIR that the JApplets HTML file is in. When I run the Applet in appletviewer it works fine, when I run it in IE5.5 I get security errors and the Applet fails to initialize.
  I have read the online section on applet security. It seems to me that my applet 'thinks' it is being loaded from a remote server.
  The online HTML talks about a properties file that can be edited to include the rights to read and/or write to specific local files. Anybody know the name of this file ??
  It should not make a difference that I am doing my work on a W2K Server, should it ???
  Any specific help would be greatly appreciated !!

  java.security.AccessControlException: access denied (java.io.FilePermission CHR.gif read)
  All I try to do in my code is place a GIF as am Icon on a JButton.
  //add buttons to controlPanel
          for(int i=0;i<siteNames.length; i++){
              icon = new ImageIcon(icons);
  JButton b = new JButton(siteNames[i],icon);
  b.addActionListener(listener);
  b.setActionCommand(siteNames[i]);
  controlPanel.add(b);
  Where icons[i] is a string listing of GIF files. The code works fine in IE5.5 without the icons on the buttons. Only when I put the icons on the buttons do I get the access denied error.
  Any Ideas ????
  Could it be the fact that I am doing my coding and testing on a W2K Server ????

• ActiveX bridge uses applet security model???

  Hello,
  During execution my ActiveX bean has no permissions to make something, but I need it at least able to access files. ActiveX bridge documentation says that the bean is executed with all permissions. Is something was changed in 1.5 release?
  Anton

  Seems like axbridge doesnt use the applet security model if you have the following folder structure:
  <JRE>\axbridge\bin\mybean.dll
  <JRE>\axbridge\lib\mybean.jar
  But then there are a lot of bugs, and the bug workaround is to rename the lib folder after registering the dll (and updating the path to the jarfile in the registry):
  <JRE>\axbridge\bin\mybean.dll
  <JRE>\axbridge\bug_workaround_lib\mybean.jar
  But then we get another problem: the applet security model is turned on...

• Providing un-secured access to a web report.

  Hello Experts,
  We have been sending out 'Load Status' emails on a daily basis for various BW loads. Recently we discontinued this process and set up a report based on one of the statistics cube. We got out the link for this web-report to all the users in our daily load status distribution list.
  The problem now is that when you click on the link, it pops out a window asking for the log-on information to our production system. But it looks like a few of the users do not have access to the production system and are hence unable to access this web-report.
  Is there any way to allow un-secured access to this particular web-report to all users i.e.without a screen asking for log-on information?Is it possible to set up a generic user id for this report that allows all the users to access this report without actually giving them access to our production system?
  Thanks
  Arvind

  Arvind,
  What is your BI system version ?
  if it is 3.x - then the URL will have a link to your server followed by a Question mark "?" and then some parameters.
  The value till the ? mark is the Web service for the same - you can make this Anonymous in SICF but then this would mean that all queries can be accessed through this URL ...
  else create an RFC enabled function module based on RRW3_Query_View_data and then use this for your query and expose the same as a web service and make it anonymous ... or have a BSP page to do the same....

• Oracle8i JDBC Guide Example Not Working-applet security

  I was having problems with a JDK1.1.7 applet that I want to get
  working with Netscape 4.07 and my Oracle 8.0.5 installation. I
  am using Netscape's Signtool, the Capabilities classes, and I
  have packaged the Oracle classes111.zip contents into my Signed
  JAR file. I got a copy of the Oracle 8i JDBC Developer's Guide
  and Reference which has an example of what I'm trying to do.
  However, I get the same error running the example. Can anyone
  tell me what I'm doing wrong?
  Please help...
  stephen
  The Java console output is as follows:
  # Applet debug level set to 9
  netscape.security.AppletSecurityException: security.Couldn't
  connect to '47.129.164.42' with origin from ''.
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :914)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :926)
  at
  netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
  :795)
  at
  java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
  at java.net.Socket.<init>(Socket.java:245)
  at java.net.Socket.<init>(Socket.java:123)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:176)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:146)
  at oracle.sqlnet.SQLnet.Connect(SQLnet.java:120)
  at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:983)
  at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:158)
  at
  oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:
  93)
  at
  oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:146)
  at java.sql.DriverManager.getConnection(DriverManager.java:90)
  * at java.sql.DriverManager.getConnection(DriverManager.java:132)
  at MainApplet.button2_actionPerformed(MainApplet.java:196)
  at
  MainApplet$MainApplet_button2_actionAdapter.actionPerformed(MainA
  pplet.java:255)
  at java.awt.Button.processActionEvent(Button.java:267)
  at java.awt.Button.processEvent(Button.java:240)
  at java.awt.Component.dispatchEventImpl(Component.java:1789)
  at java.awt.Component.dispatchEvent(Component.java:1715)
  at
  java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispat
  chThread.java:83)
  at
  java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
  at
  netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(
  DerivedAppletFrame.java:911)
  null

  No, it is not, but this is the reason for using Netscape's
  Capabilities API. It contains a PrivilegeManager that works with
  Java's Applet Security Manager to grant permissions for the
  applet.
  Stephen Brewell (guest) wrote:
  : Is the database server on the same machine as your web server?
  : I don't think applets can connect to a machine other than that
  : from which it was served.
  null

• NIGHTMARE! Signed Applet - No Access. Please Help.

  Hi:
  I'm trying to make a signed applet gain access to my directory structure.
  I created a simple applet to test with one line:
  sErr = System.getProperty("user.dir");
  The code is below.
  I sign it using the following:
  keytool -genkey -keyalg rsa -storepass MyCerts
  As you can see I'm using the default keystore but I've tried it by using -keystore MyKeystore too.
  It runs me through all the questions which I answer, no problems.
  Then I sign it:
  jarsigner -signedjar SSignedApplet.jar SignedApplet.jar MyCerts
  It asks for the passwords which I enter.
  It completes without error and the SSignedApplet.jar file shows up in the directory.
  If I open the signed jar file it has all 3 of the files in the META-INF folder and the Manifest file looks right to me.
  I upload the jar and the Default.asp file to a Web server (I've tried localhost and a remote host).
  I open the page and the pop up comes up asking if I want to trust the unverified applet. I click 'Run'.
  Once the applet is 'Started' I click the 'Get Properties' button and I get the error:
  access denied (java.util.PropertyPermission user.dir read)
  I've tried 2 examples that work fine on my machine (that I didn't write).
  The first is by Francois Orsini (Derby Demo) and the other is by Laura MacDougal (successfully wrote a file to my user.dir directory).
  No matter what I do, I can't sign an applet and make it access anything.
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  <html lang="en-US">
  <head>
  <script language="JavaScript" type="text/javascript">
  <!--
  function getProp()
       oApplet = document.SampleApplet;
       oApplet.getProp();
       alert(oApplet.sErr);
  // End SCRIPT -->
  </script>
  </head>
  <body bgcolor="#ffffff" style="margin:0px auto;width:800px;padding:0px">
  <form name="fmLogin" action="" method="POST">
  <table width="650" align="center" cellpadding="0" cellspacing="0">
       <tr>
            <td>Login</td>
            <td><input name="Login"></td>
       </tr>
       <tr>
            <td>Password</td>
            <td><input name="Password"></td>
       </tr>
       <tr>          
            <td colspan="2"><input type="button" onclick="getProp();" value="Get Property"></td>
       </tr>
  </table>
  </form>
  <APPLET CODE="SignedApplet.SampleApplet.class" WIDTH=1 HEIGHT=1 NAME="SampleApplet" ARCHIVE="SSignedApplet.jar"></APPLET>
  </body>
  </html>
  package SignedApplet;
  import java.applet.*;
  import java.io.*;
  import java.util.*;
  public class SampleApplet extends java.applet.Applet {
      public String sErr = "";
      public void init() {
          // TODO start asynchronous download of heavy resources
      public void getProp()
          try
              sErr = System.getProperty("user.dir");
          catch(Exception exp)
              sErr = exp.getMessage();
      // TODO overwrite start(), stop() and destroy() methods
  }

  Thank you for reading my reply in your other thread:
  http://forum.java.sun.com/thread.jspa?threadID=762212&messageID=4368224#4368224
  If you've really run through it you would have known that code called from
  javascript is not trusted and you have to use doprivileged (hey its in bold...
  why would that be?).
  Call getProp from init within the applet and you've got no problem.
  As for your imageIcon, creating one with string as a parameter
  the string is used as input for a File. I had no problem loading one with a signed applet.
  I'll post the example later in your other thread.