Problem in signed applet
Hi Experts,
I have signed an applet, the certificate is imported and the certificate is in the trusted sertificate lists.
but even after that I am getting accesscontrolexception()
The java console gives as follows
Java Plug-in 1.5.0_10
Using JRE version 1.5.0_10 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\aparajith_vangal
network: Loading user-defined proxy configuration ...
network: Proxy list:
network: Proxy override: null
network: Done.
network: Loading manual proxy configuration ...
network: Done.
network: Proxy Configuration: Manual Configuration
Proxy:
Proxy Overrides:
basic: Cache is enabled
basic: Location: C:\Documents and Settings\aparajith_vangal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0
basic: Maximum size: unlimited
basic: Compression level: 0
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
basic: Registered modality listener
liveconnect: Invoking JS method: document
liveconnect: Invoking JS method: URL
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@a6aeed, refcount=1
basic: Added progress listener: sun.plugin.util.GrayBoxPainter@129f3b5
basic: Loading applet ...
basic: Initializing applet ...
basic: Starting applet ...
security: Loading Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_1\lib\security\cacerts
security: Loaded Root CA certificates from C:\PROGRA~1\Java\JRE15~1.0_1\lib\security\cacerts
security: Loading Deployment certificates from C:\Documents and Settings\aparajith_vangal\Application Data\Sun\Java\Deployment\security\trusted.certs
security: Loaded Deployment certificates from C:\Documents and Settings\aparajith_vangal\Application Data\Sun\Java\Deployment\security\trusted.certs
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Loading certificates from Internet Explorer TrustedPublisher certificate store
security: Loaded certificates from Internet Explorer TrustedPublisher certificate store
security: Checking if certificate is in Deployment permanent certificate store
liveconnect: Invoking method: public java.lang.String FileChooser.open(java.lang.String)
liveconnect: Needs conversion: java.lang.String --> java.lang.String
File to be signed:C:\Documents and Settings\aparajith_vangal\Desktop\New Folder\GUI.txt
java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\aparajith_vangal\Desktop\New Folder\GUI.txt read)
I require help to overcome this,
Thanks in advance,
Gangotri
if you are using a thread other than the applets main thread to do something take a look at this:
http://forum.java.sun.com/thread.jspa?threadID=5122942&tstart=0
That includes responding to a UI event because the AWT thread is not the main applet thread.
Message was edited by:
zparticle
Similar Messages
-
Security problem when signed applet dynamically load plugins
Hi!
I have one problem : "security problem when signed applet dynamically load plugins"
This is the scenario:
the main program [app.jar]
. contain applet and shared library (interface & implement of common class)
. it is signed and run normally on browser
. it can draw image loaded from other URL [ex] http://bp1.blogger.com/image.jpg
. the image loader is in the shared library
. dynamically load amazon.jar through URLClassLoader and reflection
the plugin [amazon.jar]
. search amazon product [ex] Harry Potter book
. draw image on applet
. use image loader from shared library, BUT CANNOT LOAD IMAGE
The question: "Why it cannot load image, because the image loader is in the shared library which has been signed and working?" I tried to sign the amazon.jar too, but it did not work.
Your reply would be very helpful. Thank you.
Sovannhello. i have create a signed applet for A.jar. A.jar include two package B and C. the main applet class is within B.
B need some classes in C to run the applet. but i got the error that class in package c are not found.
what shall i do? -
HI All,
I am writing a small applet to draw a line graph by setting the parameters from the html pages .It came up beutifully .There are two problems here .
1)When i try to print the applet it prints only black coloroued rectangle in place of applet(graph) .I read lot of articles only to find out that the applet need to be signed for printed .I tried all ways and means but could not succedd in printing an applet .
2)When i try to access the applet from other computer with out copying it says that applet can not be acceessed due to security failure .It throws exception.
I need your help on how to sign applets to access from other computer and also how to print applet content .
Can any one help me on this
Thanks in advance .i am not sure of that , but having experience with drawing images ,graphs and the like and with no experience in printing, i can share u my experience.
using setBackground(Color.white) of the applet/panel wouldnot work since i believe it is something that is got to do with the graphics class .U have to draw a full white rectangle as a background before u start drawing lines.
like
g.setColor(color.white);
g.drawfullrect(0,0,width,height); /// draw a white background
g.setColot(Color.black);
g.drawline(0,0);
etc.....
Have fun dude. -
OC4J 10.1.3.2 oc4jclient.jar makes permission problems in signed applets
A signed applet on WINDOWS 2000 with JRE 1.5_10 or 1.5_12 plugin in a IE6 browser, which talks to Session beans on a SUN 5.9 OC4J 10.1.3.2 server has no permissions with this library :
example:
at XXX.initContext(BeanFactory.java:69)... // 69: context = new InitialContext(props);
Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission oracle.j2ee.logging.severe read)
at java.security.AccessControlContext.checkPermission(Unknown Source)...
With the older OC4J 10.1.3 oc4jclient.jar there is no problem !
Therefore I use the older oc4jclient.jar in my applet.Seems to be a bug. That was the response from Oracle support (Metalink)
Response:
Your issue seems to be related to bug 5594702 - Abstract: EJB30 ENTITY BEAN WITH @ID AND @COLUMN ANNOTATION FAILS TO DEPLOY ON AIX.
There is an issue with the IBM JDK/JRE 1.5's processing of annotations.
Links:
http://www.theserverside.com/discussions/thread.tss?thread_id=37764
http://www-128.ibm.com/developerworks/forums/dw_thread.jsp?forum=367&thread=112543&cat=10
When processing annotations it returns boolean values as false.
Work-around:
Fully specify the @Column annotation's boolean values. If insertable and updatable are set to false (which will happen due to this bug) then TopLink sets the PK
mapping to read-only and the exception seen is expected.
Note: nullable attribute of the @Colmun is not used in the EJB3/JPA preview of 10.1.3.0 If the customer MUST override the default column name then they should use:
@Column(name="column-name", insertable=true, updatable=true)
If they do not wish to override the default column name then simply do not use an @Column annotation.
It can be deleted or commented out in the JDev generated code.
There are two reported annotation processing issues with the AIX JVM. One was fixed in SR1 and the other is fixed
in SR3 (due out Oc 11 - today). Upgrading to these more recent JVM releases may also address this issue.
RECOMMENDED SOLUTIONS:
1. Upgrade the IBM AIX JVM to SR3.
OR
2. Fix all generated @Column annotations as described above -
Problem running signed applet in 1.4 plugin
Hello,
We have a signed applet which we're trying to run on clients downloaded over the web. Our client applet is developed for Java 1.4.0. We're signing the applet because it is expected to access local client resources. The client applet runs successfully on some machines and on both IE6 and Netscape 7. We have installed Java Plugin 1.4 on all machines. But on some machines we receive the following exception:
java.security.AccessControlException: access denied (java.util.PropertyPermission java.home read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.bilten.kizilay.gui.CommPackageLoader.dataTransferToClient(CommPackageLoader.java:9)
at com.bilten.kizilay.gui.Depo.init(Depo.java:138)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)The problem seems to be related with jre configuration rather than browser's. Has anyone a clue?
Muzaffer Ozakcain the console, hit "s" to dump system properties on one machine that is working and one that is not, and post the dumps here. If it is a configuration issue, that will likely point to the problem.
-
IE Specific problem loading signed applet java 1.5
Hello,
I am having troubles loading our signed applet under IE 6.0 (only tested version atm).
Firefox loads it without trouble, though the <object> tag that launches each is different.
Every time I try to launch the applet, it prompts me to install the java runtime environment. I currently have 3 different versions of the java 1.5 runtime on my machine and the Java Control Panel is set to default to the most recent (1.5.04).
Regardless of whether I choose 'Install' or 'Don't Install' a rectangle with a red X appears in the top left corner of the window. Nothing happens if I choose 'Install'. I did install through that prompt once. I don't know why it keeps asking me.
I have enabled the console before loading the applet, and there is absolutely NO output there. The applet is not loaded at all. I am not prompted to accept or deny our certificate. I have also tried disabling as much as I could security-wise in IE.
Any help would be greatly appreciated. I've been searching the net for 2 days and haven't come across anything that fixes this problem. Almost everything I have found has indicated at least some console output at least.
Here is the javascript code I am using. createVCRTarget is called on a button click. I guess I should also mention that this was working some months ago, but it is possible that it was before I installed Service Pack 2. All of my Windows security updates are installed. Also, you should be able to see in here that I also tried using an applet tag. That didn't work either. Nothing loaded when I tried that, the little Active-X icon was in the top left instead of a Red X. That was my first attempt with an applet tag ever though, so it may not have been correct. I think it is obsolete anyways?
function createVCRTarget() {
createWindow('valid.package.path.VCRLauncher', 'vcr.jar, targetsdk.jar, xercesImpl.jar, cidero-common.jar', 'VCRTarget', '300', '110');
return true;
function createWindow(classid, jars, title, width, height) {
var agent = navigator.userAgent.toLowerCase();
var newWin = window.open("", title, "width="+width+",height="+height+",scrollbar=no,status=no,statusbar=no,resizable=no");
newWin.document.write("<html>\n");
newWin.document.write(" <head><title>" + title + "</title>\n");
newWin.document.write(" <style type=\"text/css\">body { margin: 0; padding: 0; }</style>\n");
newWin.document.write(" </head>\n<body>\n");
if (agent.indexOf("msie")==-1) { // not IE
newWin.document.write('<object classid="java:'+classid+'"');
newWin.document.write(' codetype="application/java"');
newWin.document.write(' archive="'+jars+'"');
newWin.document.write(' width="'+width+'" height="'+height+'">');
newWin.document.write('</object>');
} else {
// newWin.document.write('<applet archive="'+jars+'" code="'+classid+'" height="'+height+'" width="'+width+'">');
newWin.document.write('<object classid="clsid:CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA"');
// newWin.document.write(' codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_5_0-windows-i586.cab#Version=5,0,0,0"');
newWin.document.write(' codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab#Version=5,0,0,0"')
newWin.document.write(' width="'+width+'" height="'+height+'">');
newWin.document.write('<param name="code" value="'+classid+'" />');
newWin.document.write('<param name="archive" value="'+jars+'" />');
newWin.document.write('<param name="type" value="application/x-java-applet;jpi-version=1.5.0" />');
newWin.document.write('</object>');
newWin.document.write("</body>\n</html>\n");
}Thanks in advance,
-TimI see now that you are forsing IE to use jre version 1.4.1_5 but you provide a codebase
pointing to the 1.5 jre.
It doesn't matter though what you use evan if you use the htmlconverter if the jdk
you'll get wrong values for codebase and/or IE is not able to download the cab
file.
The only way I was able to install the jre through clsid and codebase browsing a
page with IE was to download the cab file with mozilla (if you know the correct url to it).
And then host the cab file yourselve. -
Problems with signed Applet for File Download under JRE 1.4 (works with 1.3
Dear all,
i encountered a very strange behaviour with JRE 1.4x. A signed applet used for file download worked on all platforms (Windows NT, 2000 and XP wth/wthout SP...) until I installed JRE 1.4.x (1.4.1 or 1.4.2)
I get an EOFException when downloading binary files (for ASCII it works fine) when trying to readByte() from a DataInputStream. But not immideately, but after x bytes in the while-loop. Security is fine (I know there have been changes to that in jre 1.4, the applet itself can be started an runs with ASCII files for transfer)
Does anyone know, what has changed in jre1.4.
As I said, it works fine under jre 1.3.x
The relevant code is below: byte bt = dis.readByte(); causes the error
try{
// Get URL from Server
URL uFile = new URL(sFilename);
sThisURLFile = uFile.getFile();
Integer inte = new Integer(i);
//open input stream for the file on server
DataInputStream dis = new DataInputStream(new BufferedInputStream
(uFile.openConnection().getInputStream()));
//open output stream for the file on local drive
String sFilenameOnly = sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1);
int iDotPos = sFilenameOnly.lastIndexOf(".");
String sExt;
if (iDotPos > 0) {
sExt= sFilenameOnly.substring(iDotPos);
} else {
sExt = "";
File fileOut = new File(sDownloadDir + sThisURLFile.substring(sThisURLFile.lastIndexOf('/')+1) );
DataOutputStream dos = new DataOutputStream(new
BufferedOutputStream(new FileOutputStream(fileOut)));
//read one byte from input stream, and write that byte to output stream
long nByte = 0;
int iCnt = 0;
iFilesizeDone ++;
while (nByte < iFilesize){
String sErrPs = new String();
try{
sErrPs = "00";
byte bt = dis.readByte();
sErrPs = "01";
dos.writeByte(bt);
} catch (EOFException ee)
System.err.println("internal EOFException: " + ee.getMessage());
System.out.println("Error Filesize is " nByte " of " iFilesize "---" + sErrPs);
break;
nByte++;
iFilesizeDone ++;
iCnt ++;
if(iCnt >= 10240) {
ShowProgress(nByte, iFilesize, iFilesizeDone, iFilesizeTotal); // repaint does not work during init-procedure
iCnt = 0;
line = "Progress: Total: " + ((iFilesizeDone*100)/iFilesizeTotal) + " perc, " + iFilesizeTotal/1024 +" kbytes" ;
labLine.setText(line);
//dos.flush(); // improves Client performance (Agent-Call!)
dis.close();
dos.close();
}// End try
catch (EOFException ee)
System.err.println("EOFException: " + ee.getMessage()e);
catch (SecurityException se)
System.err.println("SecurityException: " + se.getMessage());
catch (IOException ioe)
System.err.println("IOException: " + ioe.getMessage());perhaps they've changed something with the file blocking.
btw, you should try to use something like this
DataInputStream dis = new DataInputStream(is);
byte[] buffer=new byte[8192];
int numBytesRead;
while ( dis.available()>0 ) {
numBytesRead = dis.read(buffer);
} -
Security Problems with Signed Applet
Hello All,
I need help with signed applets.
I have an applet pkged in a jar that uses other jars. I have signed the jar containing applet and all the other jars being used. However, when I try to run the applet in IE 6.0.xx, I get the following error
java.lang.ExceptionInInitializerError
at aaa.aaa.somemethod(xxx.java:192)
at aaa.aaa.aaa.access$000(xxx.java:27)
at aaa.aaa.aaa.$1.run(xxx.java:467)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
... 3 moreMy application is using Java 1.4.2.xx.
Any help or pointers would be greatly appreciated.
Thanks.Thanks harmmeijer and mjparme for your responses.
I made some changes to my application and it does not now require the system property information. But now I am getting another exception related to class loader.
I made the changes to the console as suggested by harmmeijer, and here is the stack trace. Also, I am not using any JavaScript explicitly.
Registered modality listener
Invoking JS method: document
Invoking JS method: URL
Referencing classloader: sun.plugin.ClassLoaderInfo@e0a386, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...<init>(a.java:39)
at xxx.xxx.b...<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...ToolBus.<init>(a.java:39)
at xxx.xxx.b....<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Modality pushed
Modality poppedmjparme as to your second point, the action is taking place in the same jar only. No other jar is involved at the stage where I am getting exception.
Thankyou again and will appreciate your help.
AC -
Loading problem for Signed applet on MAC OS
Hi All
I�m trying to test my application on MAC OS (For versions: 10.2.6 as well as 10.4.x)
For MAC 10.2.6 OS Java version is 1.4.1_01 and
For MAC 10.4.x OS Java version is 1.4.2_07
The code is compiled on Windows machine having Java version 1.4.2_07
There�s a functionality which is calling signed applet (signed JAR for applet) and when this functionality is called, following error encounters:
Java(TM) Plug-in: Version 1.4.1_01
Using JRE version 1.4.1_01 Java HotSpot(TM) Client VM
java.io.IOException: Server returned HTTP response code: 403 for URL: http://myMachineName: port/appName/UploadDownloadAppletJava.jar
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:709)
at sun.plugin.net.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:384)
at sun.plugin.net.protocol.http.HttpUtils.followRedirects(HttpUtils.java:39)
at sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:302)
at sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:128)
at sun.plugin.cache.JarCache.get(JarCache.java:172)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:93)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:78)
at sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:580)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:541)
at sun.misc.URLClassPath$3.run(URLClassPath.java:319)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:308)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:285)
at sun.misc.URLClassPath.getResource(URLClassPath.java:155)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
Due to which cannot access Applet class (which is inside UploadDownloadAppletJava.jar) and operation is failed.
(It works perfectly fine on Windows XP with both IE 6 and Firefox browsers).
On MAC I'm testing on FireFox.
Code which calls to applet is:
<applet
name=UploadDownloadApplet
code="UploadDownloadApplet.class"
codebase=/appName/
archive=UploadDownloadAppletJava.jar
width=0 height=0>
<PARAM NAME=cabbase VALUE=UploadDownloadApplet.cab>
<PARAM NAME=action VALUE=<%= action %>>
<PARAM NAME=workingAreaMac VALUE="<%= workingAreaMac %>">
<PARAM NAME=workingAreaPC VALUE="<%= workingAreaPC %>">
<PARAM NAME=processId VALUE=<%= processId %>>
<PARAM NAME=downloadBaseProductInd VALUE=<%= downloadBaseProductInd %>>
<PARAM NAME=initTime VALUE=<%= initTime %>>
<PARAM NAME=httpSessionId VALUE="<%= httpSessionId %>">
<PARAM NAME=userId VALUE="<%= userId %>">
</applet>
Please suggest some guidelinesjava.io.IOException: Server returned HTTP response code: 403 for URL:
http://myMachineName: port/appName/UploadDownloadAppletJava.jar
Have you tried entering the URL into a browser window and see what happens?
Message was edited by:
wangwj -
Hello !
I have an applet program that displays the content of a batch file in the Applet window.
To sign the Applet I have converted the corresponding class file to a jar .
Then using keytool & jarsigner... I had signed it .
I tried to restrict the enuser form editing the contents of that batchfile's contents.
To restrict it I had Created a Policy file with only read permission allowed .
After following the above procedures , when i tried to run my applet, the applet is getting loaded sucessfully with that batch file's content .
And when i try to edit it , I'm able to edit the contents . I don't how this could be possible bcoz i have set the permission only to read it !
Any Ideas Please !
TIAin the policy file, you restrict the applet to only read files. but if you have already signed it and clicked Yes on the certification screen when loading the applet, the applet gets full permission.
the other thing is that you have a textarea field or something, you must set the textarea to readonly.
if you read in a file's content and display it in a textarea, the user can change the content of the textarea, but if your applet does not write the changes back to the file, the file won't be changed, although the user has changed the textarea content.
perhaps you might post some more info on the code you are using.... -
Problem in Signed Applet while communicating with Javascript
Hi,
Im facing a problem with applet. Applet calls JavaScript methods and vice versa. Applet works fine with JRE 5 to JRE 6 up to build no 1.6.0._7 but it fails with build no 1.6.0_10.
The problem description is given below:
After embedding applet in my HTML page using <OBJECT> tag, Ive to check either any problem during applets execution, I want to get the error reason by calling my defined method getErrorReason() in applet that returns the error reason, I call the getErrorReason() against the applets object in JavaScript immediately after embed applet code in my HTML page, a JavaScript errors occurs and my applet fails to perform its execution.
JavaScript error: Object does not support this property.
The error points to the HTML page area where Im calling getErrorReason() against applet object.
The above JavaScript error occurs after the successful completion of Applets init(). Im facing this problem only in JRE 6 build 1.6.0_10-b33.
Please suggest me any solution.
Thanks in advance.
Regards,
Israr AhmedWe are using the HttpURLConnection. If I have to go down the stack to the Socket object, well I guess I have to re event the wheel so to speak.
I have tried both Connection: close and Connection: Keep-Alive. Not at the same time :) but in different intrim releases of test applet.
// Here is the current incarnation of how I am trying to connect.
URL url = new URL(sURL);
trace("attempting to connect to URL: " + sURL, DEBUG);
connection = (HttpURLConnection)url.openConnection();
connection.setDoOutput(true);
connection.setDoInput( true );
connection.setRequestMethod("POST");
connection.setUseCaches( false );
connection.setInstanceFollowRedirects( true );
connection.setAllowUserInteraction( false );
connection.setRequestProperty("Pragma", "no-cache");
connection.setRequestProperty("Expires", "-1");
connection.setRequestProperty("Connection", "Keep-Alive");
connection.connect();
// Now I write our form POST data and flush and close the output stream.
BufferedOutputStream bos = new BufferedOutputStream(connection.getOutputStream());
bos.write(sForm.getBytes());
bos.flush();
bos.close();
// Get the input and read
bis = new BufferedInputStream(connection.getInputStream());
trace( "reading input stream for action: " + sAction );
byte[] responseBuffer = new byte[4096];
int bytesRead = 0;
while( (bytesRead = bis.read( responseBuffer, 0, responseBuffer.length )) != -1 )
sbResponse.append( new String( responseBuffer, 0, bytesRead ));
totalBytesRead += bytesRead;
catch (Throwable e)
e.printStackTrace();
try
m_connections.remove( sAction );
connection.disconnect();
catch ( Throwable t ) {}
finally
if ( bis != null )
try
bis.close();
catch( Throwable t ) {}
With the above code in place what I am now seeing, as opposed to a premature EOF exception, is blocking behavior on the read. -
Signed applet throws security exceptions
Since nobody seems to be reading the Signe Applet forum, I decided to try here:
Hi all
I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
So, signing will have to work.
Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
It works on JVM 1.5.0_06 but not on 1.4.2_08.
Please help me make if work under any JVM.
The error I get is:
Java(TM) Plug-in: Version 1.4.2_08
Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\miha
Proxy Configuration: Automatic Proxy Configuration
URL: http://orion.nil.si/proxy.pac
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
java.lang.NullPointerException
at net.propero.rdp.ISO.connect(ISO.java:123)
at net.propero.rdp.MCS.connect(MCS.java:84)
at net.propero.rdp.Secure.connect(Secure.java:153)
at net.propero.rdp.Secure.connect(Secure.java:171)
at net.propero.rdp.Rdp.connect(Rdp.java:498)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
FATAL: java.lang.NullPointerException: nullWhat is funny, is that I have two applets, and one works and the other one doesn't. It is like this:
Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
All JARs are signed using the same key/certificate.
Both applets try to connect to the same "host1".
Both applets try to use the same proxy - which is different from "host1".
The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
When I tried to move the proxy object down to the child threads, I get the following exception:
Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
Regards, Miha VitorovicThe one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
When I tried to move the proxy object down to the child threads, I get the following exception:
Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
Regards, Miha Vitorovic -
Hi,
I have a problem with signed applets in IE. I#m using JDeveloper to develop a simple applet which needs to connect to database in order to perform certain tasks.
when I try to use self-signed cab files - I get error "load class --myClassName-- not found". If I have plug-in code in html page like <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" WIDTH = 550 HEIGHT = 400 ALIGN = middle NAME = "TestApplet" codebase="HTTP://java.sun.com/products/plugin/1.2/jinstall-12-win32.cab#Version=1,2,0,0" IE will not find the cab files ( <param name="cabinets" value="pass.cab, jdev-rt.cab">).
As it seems I can't use the <object> tag and cab files together. Other question is: how do I get IE (and other browsers ) to support swing-components. Any help is highly appreciated, thx.I don't think the Java plugin supports cab files...only *.jar format.
-
last week I have the problem for Signed Applet,
and I hope this will Help You.
but, I am sorry
for Netscape, it's not done yet.
So, here are the Step for IE
1. Create you java code (takepic.java)
in your code write the securiy permission
if(Class.forName("com.ms.security.PolicyEngine") != null)
mlabel.setText("Done IE");
PolicyEngine.assertPermission(PermissionID.UI);
write your permission you want at the PermissionID target
2. Create Cab File
cabarc -p -r -s 6144 N takepic.cab takepic.class
3. Create certificate
makecert -sk private -n "cn=I Gusti Putu Anom" anom.cer
4.create spc from certificate
cert2spc anom.cer anom.spc
5. create ini file contains permission you want (example perms.ini)
[com.ms.security.permissions.PrintingPermission]
[com.ms.security.permissions.PropertyPermission]
Unrestricted=false
IncludedProperties=java.vendor
[com.ms.security.permissions.ThreadPermission]
AllThreadGroups=true
AllThreads=true
[com.ms.security.permissions.UIPermission]
ClipboardAccess=true
TopLevelWindows=true
NoWarningBanners=true
FileDialogs=true
EventQueueAccess=true
6. signcode -j javasign.dll -jp perms.ini -spc anom.spc -k private takepic.cab
for Netscape, you must use PrivilegeManager and you must create a jar file
if(Class.forName("netscape.security.PrivilegeManager") != null)
PrivilegeManager.enablePrivilege("SuperUser");
you can find package for netscape at C:\Program Files\Netscape\Communicator\Program\java\classes\java40.jar
for IE, you can find it at C:\WINNT\java\Packages\GI53BPN9.zip
you can find the article at :
http://www.ddj.com/articles/1999/9902/9902h/9902h.htm
regards,
I Gusti Putu Anom A
Software Engineer
Balicamp
Bali - IndonesiaI used the file from C:\WINNT\java\Packages\ folder.
I used GI53BPN9.zip (My OS is Windows 2000)
there are 8 files on this folders
Windows 2000 and Windows NT has diferrent name for the package file.
I think you should use all the zip file from "C:\WINNT\java\Packages\", Because I'm not sure which file contain com.ms.security on your computer. -
Signed applets called from javascript - how/where to load policy file?
I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
So, I can get things to work if I place the following two lines in my 'local' JDK installation:
permission java.io.FilePermission "${user.home}/x.properties", "read,write";
permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
I'd REALLY appreciate any help I could get on this...
thanks in advance,
+0^^Maybe you didn't realize but my previous post was sarcastically ment:
"hello SUN security stop bugging me in writhing this malicious program"
and
"hello SUN security, I'm a good boy now trust what I'm doing"
Are in a practical sense exactly the same.
SUN should either remove the stack check or the doprivileged. The stack check takes up
valuable resources for nothing since a malicious program can easily circumvent that.
Your post about a malicious user abusing your (CA) signed applet to ruine someone's
system is correct, it would not be difficult. A CA signed applet will not even ask a user to
trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
used on "grandma's old PC" since it's too complicated for users to do such things.
YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
certificate!).Actually you are to blame, because you made software that exposes a vonurability
other people can take advantage of.
what you can do before calling the doprivileged private method is check the call stack.
So your signed applet has a public method checking the callstack, if this lookes OK
that method will call the private doprivileged method.
Here is the example
package t;
import java.util.Properties;
import java.applet.Applet;
public class test extends Applet {
public test(){
startingPrivileged();
public void startingPrivileged(){
System.out.println("this is the stack");
try{
throw new Exception("get the call stack");
}catch(Exception e){
StackTraceElement stack[] = e.getStackTrace();
for (int i=0; i<stack.length; i++) {
System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
// this is a really simple check to see if this method was started from the t. package
// a good hacker can just create it's own package named t and take advantage of this method
// if this method was started from the same package there is no reason to make this method
// public, protected would work.
// there must be a better way to check if this method was called by "your" or "trusted" code
if(stack[1].getClassName().startsWith("t.")){
dosomePrivileged();
private void dosomePrivileged(){
System.out.println("this is the method that does privileged stuff");
public static void main(String args[]) {
new test();
Maybe you are looking for
-
My Mac won't connect to the wireless internet
My MacBook won't connect to the internet. Yet my phone and iPad will. I have tried turing the laptop on and off. Shutting the airport on and off and turning the Bluetooth on and off. And it still won't connect.
-
How do I notify Apple that I need a Refund of the $100.00 that I paid for fifty gigs of iCloud storage that I can't use because I thought I would be able to put my music library on it and found out I can't? Only iTunes purchases are capable of use in
-
Hi, i have a problem, im developed program in Windows in NetBeans 5.5, after write program, i want execute my jar-file in MacOSX(10.4), and Macos write me in conose, that i have 1.42 version of VM Java!, where i can download 1.6 version for my mac
-
Multiple currencies under one company code for contracts
Gooday! We have a new schenario ( In RE-FX) where we have a couple of contracts which were negotiated with the landlord that needs to be settled in Rand, whilst the company code are setup for another currency, which is dollar (caters for the bulk of
-
Installed Windows on Mac with Boot Camp and did something HORRIBLY WRONG
Please please PLEASE tell me someone can help me!! I tried installing Windows XP Pro on my MacBook today, I tried following the instructions but none of the windows popped up like they showed in the instructions. When the Windows Setup (blue screen)