Applet security?

Hello all,
I need some help about publishing my application as an applet from my PC. As an application my program works fine.
1) I have developed an application (which extends JApplet class). I am using some jar files (which have been written by other people) in my application too (by defining paths of those jar files with classpath).
2) What I did is I put all my class files and the jar files that I use into a new jar file
3) I created an html file (a.html) which takes my jar file and I used Java HTML Converter to convert it to a suitable format.
4) I used keytool -genkey to create my key and I signed my applet.
5) When I open the a.html file I see that my user interface appears. But there are some problems:
a) I can't see my images that should be on the buttons.
b) My application does not work.
What is wrong in my process? My HTML files and the jar file I created are all in my working directory.
Thanks for any help

(1) Did you put the images in the Jar along with your class files?
(2) What code are you using to create the image? In Applets you need to use Applet method getImage(), otherwise it will look for the images on the local machine, which will of course result in a security exception.
Image im = getImage(getCodebase, "imagename");
ImageIcon ic = new ImageIcon(im);

Similar Messages

  • Oracle8i JDBC Guide Example Not Working-applet security

    I was having problems with a JDK1.1.7 applet that I want to get
    working with Netscape 4.07 and my Oracle 8.0.5 installation. I
    am using Netscape's Signtool, the Capabilities classes, and I
    have packaged the Oracle classes111.zip contents into my Signed
    JAR file. I got a copy of the Oracle 8i JDBC Developer's Guide
    and Reference which has an example of what I'm trying to do.
    However, I get the same error running the example. Can anyone
    tell me what I'm doing wrong?
    Please help...
    stephen
    The Java console output is as follows:
    # Applet debug level set to 9
    netscape.security.AppletSecurityException: security.Couldn't
    connect to '47.129.164.42' with origin from ''.
    at
    netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
    :914)
    at
    netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
    :926)
    at
    netscape.security.AppletSecurity.checkConnect(AppletSecurity.java
    :795)
    at
    java.lang.SecurityManager.checkConnect(SecurityManager.java:718)
    at java.net.Socket.<init>(Socket.java:245)
    at java.net.Socket.<init>(Socket.java:123)
    at oracle.sqlnet.SQLnet.Connect(SQLnet.java:176)
    at oracle.sqlnet.SQLnet.Connect(SQLnet.java:146)
    at oracle.sqlnet.SQLnet.Connect(SQLnet.java:120)
    at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:983)
    at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:158)
    at
    oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:
    93)
    at
    oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:146)
    at java.sql.DriverManager.getConnection(DriverManager.java:90)
    * at java.sql.DriverManager.getConnection(DriverManager.java:132)
    at MainApplet.button2_actionPerformed(MainApplet.java:196)
    at
    MainApplet$MainApplet_button2_actionAdapter.actionPerformed(MainA
    pplet.java:255)
    at java.awt.Button.processActionEvent(Button.java:267)
    at java.awt.Button.processEvent(Button.java:240)
    at java.awt.Component.dispatchEventImpl(Component.java:1789)
    at java.awt.Component.dispatchEvent(Component.java:1715)
    at
    java.awt.EventDispatchThread$EventPump.dispatchEvents(EventDispat
    chThread.java:83)
    at
    java.awt.EventDispatchThread.run(EventDispatchThread.java:135)
    at
    netscape.applet.DerivedAppletFrame$AppletEventDispatchThread.run(
    DerivedAppletFrame.java:911)
    null

    No, it is not, but this is the reason for using Netscape's
    Capabilities API. It contains a PrivilegeManager that works with
    Java's Applet Security Manager to grant permissions for the
    applet.
    Stephen Brewell (guest) wrote:
    : Is the database server on the same machine as your web server?
    : I don't think applets can connect to a machine other than that
    : from which it was served.
    null

  • Re: Getting around Applet security

    I don't think this is an Applet Security problem associated with accessing the xml files on the server using URL connection. This will not in itself produce the exception unless the files are on a different server to the one the Applet was loaded from.

    According to http://java.sun.com/sfaq/, There is
    no explicit support in the JDK applet API for
    persistent state on the client side. However, an
    applet can maintain its own persistent state on the
    server side. That is, it can create files on the
    server side and read files from the server
    side.
    I believe that if you use Applet.getCodeBase() you
    can get the directory containing the applet, and
    using that, you can specify exactly which files you
    want.Accessing the XML file isn't my problem it is accessing the parser. I can't access the parser on the server and it is not an option to change the policy file on all clients to allow to use their JRE's parser.

  • Applet Security loading & running on local PC

    I understnd the limits of an Applet loaded from a server to a local PC. What I am trying to do is test my Applet (JApplet actually) as I create it. I have some GIF and JPG files that need to be loaded from the same DIR that the JApplets HTML file is in. When I run the Applet in appletviewer it works fine, when I run it in IE5.5 I get security errors and the Applet fails to initialize.
    I have read the online section on applet security. It seems to me that my applet 'thinks' it is being loaded from a remote server.
    The online HTML talks about a properties file that can be edited to include the rights to read and/or write to specific local files. Anybody know the name of this file ??
    It should not make a difference that I am doing my work on a W2K Server, should it ???
    Any specific help would be greatly appreciated !!

    java.security.AccessControlException: access denied (java.io.FilePermission CHR.gif read)
    All I try to do in my code is place a GIF as am Icon on a JButton.
    //add buttons to controlPanel
            for(int i=0;i<siteNames.length; i++){
                icon = new ImageIcon(icons);
    JButton b = new JButton(siteNames[i],icon);
    b.addActionListener(listener);
    b.setActionCommand(siteNames[i]);
    controlPanel.add(b);
    Where icons[i] is a string listing of GIF files. The code works fine in IE5.5 without the icons on the buttons. Only when I put the icons on the buttons do I get the access denied error.
    Any Ideas ????
    Could it be the fact that I am doing my coding and testing on a W2K Server ????

  • ActiveX bridge uses applet security model???

    Hello,
    During execution my ActiveX bean has no permissions to make something, but I need it at least able to access files. ActiveX bridge documentation says that the bean is executed with all permissions. Is something was changed in 1.5 release?
    Anton

    Seems like axbridge doesnt use the applet security model if you have the following folder structure:
    <JRE>\axbridge\bin\mybean.dll
    <JRE>\axbridge\lib\mybean.jar
    But then there are a lot of bugs, and the bug workaround is to rename the lib folder after registering the dll (and updating the path to the jarfile in the registry):
    <JRE>\axbridge\bin\mybean.dll
    <JRE>\axbridge\bug_workaround_lib\mybean.jar
    But then we get another problem: the applet security model is turned on...

  • Opening and closing a frame from an applet security problem

    can I open a frame or a window from an applet and close the frame by using
    System.exit(0) for the frame or will it throw a security problem.

    I am using system.exit(0) to exit the JVM.
    dispose()
    Releases all of the native screen resources used by this Window, its subcomponents, and all of its owned children. That is, the resources for these Components will be destroyed, any memory they consume will be returned to the OS, and they will be marked as undisplayable.
    If this frame have to be close and open again don't use dispose.
    there is no check whether a frame is active? what you can do is set the the new frame to null (frame = null) and also when you dispose it, this will let you know if the frame is active or not.
    Noah

  • Apparent gap in java applet security on client machine

    I know about signing applets, and both the new and original security models for applets. For my purposes, the original security model for applets is just about perfect. My applets do not need access to the client machine hardware, nor do they need to access any machine other than that which provides them to the client (at least at present).
    What I have been told is that it is not possible for a server of any kind (DB, servlets, &c.) to authenticate an applet. The claim was made that all the security was designed for client security and that a developer's only option is to trust the client machine.
    I can exchange information among my servers over SSL, and secure communications between by servers and applet clients. However, what is there to prevent a bad guy from breaking into a client machine and then capturing and modifying the applet I am relying on to protect the client's sensitive data? Signing the applet tells the user that the applet has not been modified from what I have produced, and so the user should feel confident enough to run it. But what if the applet and related web page is cached, and someone who has, legitimately or not, access to the machine and tries to use the cached copy for inappropriate purposes?
    If my servers can not verify that the applet code accessing them is mine, rather than a variant created to mimic my applet, then that certainly creates a risk for my code, but doesn't it also create a security risk for the client? After all, it is the client's sensitive data I am trying to protect, and I can envision a situation in which a bogus applet mascerades as mine and sends that sensitive data to a bad guy's machine; all this while giving the user the illusion that his data is safe.
    The gap here is either in my understanding of this technology or a gap in java security, so I'll put the question another way also. Is it possible for a server (e.g. an application server such as Tomcat or Sun's application server) to verify that the applet code used to try to connect with them is in fact the applet code that was signed on and served from the same machine and not malicious code masceraing as my code? If so, how does that work, and how does the programmer do it?
    Thanks,
    Ted

    the jar file reqiured is jmf.jar this jar file will there in
    jmf_home/lib
    for example in my mechine
    C:\Program Files\JMF2.1.1e\lib this jar file contain all the file reqired to run the application
    i think you may need some of the dll files also to run see
    if reqiured the then it may throw exception
    java.lang.UnsatisfiedLinkError then put respective dll file to workiing folder or the system32 folder

  • Applet Security help for a newbie

    I have an applet that works as an IRC client, still needs a lot of work. I have the basics working, but before I continue fixing it up I need some help. I've searched all over the forums, and my lack of Java knowhow leaves me confused.
    I have no idea how to use the forte debugger or the J++ debugger, so i'm building the classes everytime and testing them in IE on my own machine.
    I got this error first:
    java.security.AccessControlException: access denied (java.net.SocketPermission irc.enterthegame.com resolve)
    so I did a lot of searching and found that by adding the following lines to my java.policy file in my program files\java\j2re1.4.0\lib\security folder that it would work:
    permission java.net.SocketPermission "*:80", "connect,accept,resolve";
    permission java.net.SocketPermission "*:6667", "connect,accept,resolve";
    Unfortunately if I want to test my applet on another computer or just use it, it means I have to add these lines on every machine I want to use. I think.
    So I did some more searching on here...and now I think I have to sign my applet. I followed the instructions from this link http://developer.java.sun.com/developer/qow/archive/167/index.jsp
    And that all went well. But what do I do now? I took out those two permission lines from my java.policy file and it's back to square one. Do I need to do something with the .jar file that I created? Can someone give me a hand here? Thanks, I appreciate it

    Is this question really hard or something?

  • Java applet security

    hello all, i was just wondering if there is any secure way to send information from a java applet to a server, for example a number for storage in a database? I would like to create a very simple game which send the high score back to the server without any possibility of that information being falsified.
    Thanks for any advice received.
    Dori

    Not really. You'd have to trust the users PC, which you can't.
    You can make it harder to submit wrong values, but you can't make it impossible.

  • Java applet security file.list()

    I am trying to read the directory structure from a signed applet. I
    have created the applet and provided it with the
    UniversalFileAccess. I am able to read a specific file, and see all
    the contents of the file. I am wanting to performa simple
    directory listing vie the following code.
    My browser is Communictor 4.76 on Win 2000.
    blah.. blah...
    if(browser.indexOf("netscape") >= 0){
    //Assert Netscape permissions
    try{
    // tried UniversalFileRead, UniversalFileAccess,
    UniversalPropertyWrite,
    PrivilegeManager.enablePrivilege("UniversalFileRead");
    System.out.println("Netscape now has UniversalFileRead
    privilege.");
    } catch (netscape.security.ForbiddenTargetException e1) {
    System.out.println("Permission to read file system denied by
    user.");
    e1.printStackTrace();
    } catch(Throwable e){
    System.out.println("Could not enable privilege." +
    e.getMessage());
    e.printStackTrace();
    try {
    File f = new File("c:\\temp\\");
    String [] fileList = a.list();
    } catch (Throwable e) {
    System.out.println("File List failed");
    e.printStackTrace();
    I keep getting a secuity exception that I do not have priveledes to
    perform this action.
    Can anyone help!!!!!!!! I am on a deadline, and this is working just
    fine with IE.
    Please reply directly to me, as this is the first time I've ever posted
    to this newsgroup. My email is [email protected]
    Thanks,
    James Kurfees

    This question has been asked many times in these forums.
    There is no way to prevent this from a determined reverse engineer.
    Search for java obfuscators, which can help a little bit.
    The only way to prevent code stealing is to run it on your own server,
    which means not to use applets, but servlets/JSP. I am sure this is
    not what you want to hear.

  • Applet security settings for Java 1.1.8

    I receive a security exception because an applet running with JRE 1.1.8 tries to call System.getProperties().
    Is there a way I can allow the applet to access the properties?
    I know that there is a way in new JRE's with the java.policy files but I haven't found any information about that kind of possibilty in 1.1.8
    Thanks

    Okay, let's say you do find a way to modify the java.policy file to circumvent the applet restrictions (I don't think you can fully, but let's just do so for argument's sake). Now, you have an applet. Downloadable code. Are you going to instruct users to modify their java.policy file locally? Does the IE or Oracle JVM even read that file?
    Sign the applet or make a full-blown, downloadable application (if using Swing, you will need to have users also bundle the Java 1.2 classes). You don't have too many options.
    - Saish
    "My karma ran over your dogma." - Anon

  • Applet security problems while connecting with database

    i hav problem in the japplet connecting with sql database
    it gives security access denied error while running program as my driver is jdbc:odbc:bridge driver
    so for resolving this error how can i turn off security of applet and also which security permission to be change?
    plz reply

    baftos wrote:
    Maybe I should question the need to access a local database on the client PC.
    But anyway, the normal way to obtain security clearance is to use a signed applet.
    Another possibility is to grant the applet all permissions by modifying the security policy file of each client to grant your applet 'all permissions'. Note that in this case you must have access to each and every client PC or ask them to do so before running the applet.Database access at client's machine is ridiculous. I doubt this is what OP wants.
    @OP: request you to post the original security issue and the environment details.
    Thanks,
    Mrityunjoy

  • Applet Security (cant write to local drive)

    Hi, I am developing a simple applet on a local machine and I want this applet to have the ability to a file somewhere on the local hard drive.
    I've added the code to write to a file data.txt, when the code executes I get the exception error:
    com.ms.security.SecurityExceptionEx[Scribbler.saveData]: cannot access file data.txt
         at com/ms/security/permissions/FileIOPermission.check (FileIOPermission.java)
    Is there anyway I can allow this applet access to my harddrive?
    Thanks very much, chris.

    You need to sign the JAR containing your Applet.
    Search these forums for "signing applet" - this question gets asked and answered regularly and there are some very comprehensive answers rattling around somewhere.

  • Applet Security Issue in Vista?

    I'm having a strange problem where I'm getting a permission violation while trying to read a file in an applet. This file is on the server-side and should therefore not be subject to any read/write restrictions. Strangely enough, I think at one point it was working fine. I'm desperate for ideas about this.
    File structure:
    index.html
    data -> ONETOR2005.txt
    applets.jar
    inside a class in applets.jar there is a read on the file "./data/ONETOR2005.txt" which causes the permission failure. Please email me with any ideas!
    [email protected]

    Is this what you needed?
    Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.io.FilePermission .\data\ONETOR5005.txt read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkRead(Unknown Source)
         at java.io.File.exists(Unknown Source)
         at com.csvreader.CsvReader.<init>(CsvReader.java:127)
         at com.csvreader.CsvReader.<init>(CsvReader.java:151)
         at com.csvreader.CsvReader.<init>(CsvReader.java:163)
         at tornadovis.TornadoDataParser.parseFile(TornadoDataParser.java:56)
         at tornadovis.TornadoVisInitializer.actionPerformed(TornadoVisInitializer.java:76)
         at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
         at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
         at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at javax.swing.JComponent.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)

  • Java Applet + Security: blacklist: hasBeenModifiedSince

    I am trying to understand java blacklist.
    I am working on an applet and in my java console I get the following errors.
    security: blacklist: hasBeenModifiedSince 1366405605649 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405649631 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405733469 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405327880 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405327880 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405992865 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405327978 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405992725 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405327719 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405993102 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405802813 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405802919 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405324808 (we have 1366405324565)
    security: blacklist: hasBeenModifiedSince 1366405994221 (we have 1366405324565)
    All my jars are signed and if there are any signed third party jars I resign the. Where can i read more about jar blacklisting. or what is causing these errors to be thrown.

    Number looks like a unix timestamp, IfModifiedSince is a HTTP Caching-Header. Maybe plugin calls home, lets someone third party ask for the signed jars, and than compares the two. You are "working on" it, is it possible that the applet you load is another one than the public accessible, maybe from a dev-server renamed to be the original one?
    Sorry, my fault, looks like a new behaviour, the timestamp shown is fix, it has nothing to do with my brain dump above.
    Edited by: 988683 on 23.04.2013 04:38

Maybe you are looking for

  • 5s not synching with itunes 11 windows 7 64 bit

    For some reason my 5s is not synching with itunes. I have literally tried everything! When I connect my phone to my laptop and open itunes, nothing shows up. all the drivers are installed and i don't know what to do!... Haven't synched my phone in ov

  • Trouble starting lm_sensors - broken ACPI somehow?

    I'm doing a hardware project that absolutely needs the temperature sensors to work (I'm sure Nocona Xeons at least can report their temperature, right?). I tried to start lm_sensors but it gives me an error : [ 4615.922564] smsc47m1: Found SMSC LPC47

  • Count rows returned in a subquery in pl/sql block

    Hi, I'm working on a trigger in Oracle 11 to check that a student has met prerequisites before enrolling in a class. I need to determine how many rows came back on the query in order to determine if I should raise an exception or not. The following i

  • Restored from backup - trouble authorizing some items

    I had to restore from a backup. It now won't authorize about 100 items to be played or synced with my iPod. It is asking me for my old Apple ID that I changed when I got my mac as I then had a .mac account to use. What can I do to get all those purch

  • Why does address book quit responding in lion?

    Since installing Lion on my MacBook Pro, the address book, after opening, quits responding and will only close with a force quit. What should I do to fix it?