Security Exception executing a signed Applet

Similar Messages

• Access denied to a security provider on a signed applet

  Hi,
  I'm having permissions problems to work with a security provider.
  The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
  If I'm working the provider in an signed applet, then there are errors.
  Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
  grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
  Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
  log:
  <record>
  <date>2012-03-13T12:13:39</date>
  <millis>1331637219126</millis>
  <sequence>17</sequence>
  <logger>appletpdf.appletPdf</logger>
  <level>SEVERE</level>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <thread>11</thread>
  <message>excepcion: {0} </message>
  <exception>
  <message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
  <frame>
  <class>java.security.AccessControlContext</class>
  <method>checkPermission</method>
  <line>393</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>checkPermission</method>
  <line>553</line>
  </frame>
  <frame>
  <class>java.lang.SecurityManager</class>
  <method>checkPermission</method>
  <line>549</line>
  </frame>
  <frame>
  <class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
  <method>checkPermission</method>
  <line>250</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.SunPKCS11</class>
  <method>login</method>
  <line>1036</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>login</method>
  <line>874</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>engineLoad</method>
  <line>764</line>
  </frame>
  <frame>
  <class>java.security.KeyStore</class>
  <method>load</method>
  <line>1201</line>
  </frame>
  <frame>
  <class>apppdf.appPdf</class>
  <method>tPKCS11</method>
  <line>174</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <line>137</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>initapplDPdf</method>
  <line>116</line>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke0</method>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke</method>
  <line>57</line>
  </frame>
  <frame>
  <class>sun.reflect.DelegatingMethodAccessorImpl</class>
  <method>invoke</method>
  <line>43</line>
  </frame>
  <frame>
  <class>java.lang.reflect.Method</class>
  <method>invoke</method>
  <line>616</line>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext$4</class>
  <method>run</method>
  <line>699</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>doPrivileged</method>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext</class>
  <method>handleMessage</method>
  <line>696</line>
  </frame>
  <frame>
  <class>sun.applet.AppletSecurityContextManager</class>
  <method>handleMessage</method>
  <line>69</line>
  </frame>
  <frame>
  <class>sun.applet.PluginStreamHandler</class>
  <method>handleMessage</method>
  <line>273</line>
  </frame>
  <frame>
  <class>sun.applet.PluginMessageHandlerWorker</class>
  <method>run</method>
  <line>82</line>
  </frame>
  </exception>
  </record>
  Fails in the line where the KeyStore is loading:(Pin is correct)
  KeyStore myKeyStore=null;
  Provider p = Security.getProvider("SunPKCS11-Provider-Name");
  myKeyStore = KeyStore.getInstance("PKCS11",p);
  char[] pinData = pin.toCharArray();
  myKeyStore.load(null, pinData);
  Any help would be apreciated.
  Thank you.
  Bye

  Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
  Do backup and restore privileges apply at all over a network mount created via "net use"?
  The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
  user, or is the access check still done with our sync process's run-as user?
  We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
  S-1-5-32-544" group.
  On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
  file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
  My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.

• Java.io.File causes "access denied" exception in a signed applet

  Hi,
  New to these forums and not entirely where it's appropriate to post this issue, so I'll stick it here for now until told otherwise.
  The problem:
  My applet throws the following exception.
  INFO: Exception Message: access denied (java.io.FilePermission C:\Some Dir With Spaces\AnotherDir\FinalDir read)
  The psuedo-code:
  java.io.File RootPath = new java.io.File( "C:\" );
  private boolean doesSubdirectoryExist(String directory) {
          boolean mResult = false;
          try
              java.io.File tmpPath = new java.io.File( RootPath.toString() + java.io.File.separatorChar + directory );
              mResult = tmpPath.isDirectory();
              tmpPath = null;
          catch (Exception e)
              ... error handling code
          return mResult;
  private void btnCheckPathActionPerformed(java.awt.event.ActionEvent evt) {
          ....some other stuff....
          doesSubdirectoryExist(.. a text field value from the GUI form..);
          ....some other stuff....
  }                                       The conditions:
  1) The applet is signed.
  2) The applet runs fine in the AppletViewer.
  3) I am using JDK1.5.0_09.
  4) When I click the button the event handler is tied to, it works correctly the first time.
  5) If I click a second time, with the same value in the text field (i.e. testing for the same subdirectory again) I get the exception error.
  I'm pulling my hair out trying to figure this one out. If it were a security issue with the applet running from a browser, why does it work the first time?
  Am I failing to release some lock that creating a java.io.File instance creates?
  I would appreciate any help.

  I've identified the issue. I was attempting to access the filesystem from two different thread and/or contexts.
  It seems that if I use the SwingWorker class from https://swingworker.dev.java.net/ to perform background tasks in the Worker thread, I don't get the security privileges required to modify the filesystem. Even though I have signed the jar correctly.
  However I can access the filesystem quite happily from the Event Dispatcher thread. If my jar is signed correctly.
  So, I have the following questions:
  1. Why doesn't SwingWorker worker threads get the same security context as the event dispatcher thread?
  2. Is there anyway I can give the worker thread the necessary security privileges?
  3. Is there anyway to do this without having to write my own thread handling code and creating my own thread pools?
  Message was edited by:
  Fidotas
  Message was edited by:
  Fidotas

• My signed applet works with 1.4.1 plugin but it doesn't with 1.4.2_02 !!!

  Hi there, I've got problems trying to sign an applet with Java 2. That applet is an FTP which is used for uploading files throught the Browser (just upload).
  I signed my applet with SDK 1.4.1 when I surfed the page which contains it, the applet works properly (the browser had Java plug in 1.4.1) ... the certificate appeared (thawte), I clicked "Yes" for agreeing the certificate .. everything went fine. The problem was when I tried to navigate that page with a Browser with Java Plug in 1.4.2, I agreed the cetificate, but when I tried to upload a file with the applet the following error happens :
  ava.security.AccessControlException: access denied (java.io.FilePermission C:\install\slsk151.wma read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkRead(Unknown Source)
       at java.io.FileInputStream.<init>(Unknown Source)
       at java.io.FileInputStream.<init>(Unknown Source)
       at FtpSigned.upload(FtpSigned.java:463)
       at FtpSigned.run(FtpSigned.java:526)
       at java.lang.Thread.run(Unknown Source)
  after that I downloaded the SDK 1.4.2_02 and I installed the plugin
  1.4.2_02 (build 1.4.2_02-b03)
  I signed tha applet again and it didn't work ...
  please ... I need help!
  Thanks in advance.
  Nico.

  Funny, I had a problem going to _03 when it worked fine in _02. Symptoms: In IE, Sun's plug-in displays security warning prompt for signed applet, and, even though the user clicks YES to accept, all priv operations cause exceptions. It sounds like what you're referring to, but I'm wondering why I didn't see it in _02. Anyway, I'm going to look into the doPriv... stuff to see if that fixes my prob and I'll report back FWIW.

• Signed Applet and Threads

  I have a signed applet that writes some files to the client's local disk. I modified the applet to spawn the file writing into a separate thread. The thread that the signed applet spawns, however, seems to not retain the security rights that my signed applet has, even though the thread is spawned by the signed applet! I receive access restriction exceptions when I write the files with the second thread, but receive no such exception when doing the same thing in the original signed applet code. Is this how the security model is supposed to work?

  Do you have really problems with files? or with threads... Maybe it would be enough just to allow the threads permisions...

• Firefox can't store permanent security exceptions.

  I'm using Firefox 3.16.12 (user-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3)
  When I try to add security exception for self-signed certificate - I have the same problem as it seen on this video: http://www.youtube.com/watch?v=WatBXY5CxO0
  Temporary exceptions are stored without any problems.

  Found solution for this problem here: http://forums.mozillazine.org/viewtopic.php?f=38&t=1160375&start=0&st=0&sk=t&sd=a
  It seems, that something was wrong with cert_override.txt , cert8.db from profile folder. Deleting those file helps.

• Signed applet throws security exceptions

  Since nobody seems to be reading the Signe Applet forum, I decided to try here:
  Hi all
  I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
  The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
  So, signing will have to work.
  Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
  It works on JVM 1.5.0_06 but not on 1.4.2_08.
  Please help me make if work under any JVM.
  The error I get is:
  Java(TM) Plug-in: Version 1.4.2_08
  Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
  User home directory = C:\Documents and Settings\miha
  Proxy Configuration: Automatic Proxy Configuration
       URL: http://orion.nil.si/proxy.pac
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  l:   dump classloader list
  m:   print memory usage
  o:   trigger logging
  p:   reload proxy configuration
  q:   hide console
  r:   reload policy configuration
  s:   dump system properties
  t:   dump thread list
  v:   dump thread stack
  x:   clear classloader cache
  0-5: set trace level to <n>
  java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
  TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
  java.lang.NullPointerException
       at net.propero.rdp.ISO.connect(ISO.java:123)
       at net.propero.rdp.MCS.connect(MCS.java:84)
       at net.propero.rdp.Secure.connect(Secure.java:153)
       at net.propero.rdp.Secure.connect(Secure.java:171)
       at net.propero.rdp.Rdp.connect(Rdp.java:498)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
  FATAL: java.lang.NullPointerException: nullWhat is funny, is that I have two applets, and one works and the other one doesn't. It is like this:
  Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
  Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
  All JARs are signed using the same key/certificate.
  Both applets try to connect to the same "host1".
  Both applets try to use the same proxy - which is different from "host1".
  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

  The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
  When I tried to move the proxy object down to the child threads, I get the following exception:
  Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClassInternal(Unknown Source)
       at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
       at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
  So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
  Regards, Miha Vitorovic

• Should a signed applet ever throw a security exception?

  hi,
  I've had a few times when a signed applet seems to throw a security exception (at the moment am trying to figure out a SocketException being thrown).
  I thought if the applet was signed, and when the browser asks if you want to grant it permissions you press Yes (which I do), then there should not be any security issues?
  thanks,
  asjf

  A signed applet has to assert which permissions it wants. The client JVM then asks the user if they will give those permissions to the signer. If the applet tries to do something for which it hasn't been granted permission a security exception is thrown.

• Self signed Applet - still getting Security Exception...

  Hi everyone...
  I m new to Java Mail... Nd I m developing a Applet to send mail from my Gmail account, nd I used keytool, jarsigner to Self sign the applet. Nd I wrote a Html page and when calling my applet method using javascript, I m having Security Exception... And I m using Java 1.5 (i.e., J2SE 5)
  Here is the sample of my code...
  --------- MyMail.java -----------
  import javax.mail.*;
  import javax.mail.internet.InternetAddress;
  import javax.mail.internet.MimeMessage;
  And all neccessory packages are imported....
  public class MyMail extends JApplet
       String server = "smtp.gmail.com";
       String username;
       String password;
       String fromAddres="";
       String toAddres="";
       Other Variable declaration goes here........
  Session ses;
  Transport tr;
  MimeMessage msg;
       public void init() //For testing purpose
            doLogin("username","password"); //My account details
       public void doLogin(String user,String pass)
            username = user;
            password = pass;
            boolean success;
            fromAddres = user+"@gmail.com";
            toAddres = "[email protected]";
            subject = "TEst SubJect";
            body = "This is Test Mail";
            success = doAuthentication();
            if(success)
                 setHeaders(server,username,password,fromAddres,toAddres,cc,bcc,htmlFormat,subject,body);
                 sendMail(ses);
                 doLogout();
       public void doLogout()
            //Deals with the logout from my account
       public boolean doAuthentication()
            //Deals with the authentication of my account
            // Setting properties, creating a session, getting transport object...
            //and returns true if authentication is success, false if not.
       public void setHeaders(String server, String username, String password, String fromAddress, String toAddress, String cc, String bcc, boolean htmlFormat, String subject, String body)
            //Sets the headers fields for the message (recieved through arguments)
       public void sendMail(Session ses)
            //Deals with sending mail
  class MyPasswordAuthenticator extends Authenticator
       //Deals with the authentication of my account
  ---------- MyMail.html -----------
  <html>
  <head>
  <script language=javascript>
  function sendmail()
  document.MyMail.doLogin("username","password"); //my account details
  </script>
  </head>
  <body>
  <input type=button name=but value=Send mail onclick=sendmail()>
  <applet name=MyMail code=MyMail.class
  archive=mail.jar,activation.jar,mailplus.jar width=0 height=0>
  </applet>
  </body>
  </html>
  And the applet is Self signed using the tools supplied from Java SDK...
  it got signed...
  And as the applet got loaded when i opend the MyMail.html, as i called the doLogin(..,..) in init() it is sending mail successfully...
  The problem is.... As I given the action for my button to send mail (by calling java method from java script i.e., calling doLogin() when the button clicked) I m getting Security Exception
  So...anyone plz tell me the solution....
  Thnx in advance....
  - Kanta

  http://www.google.nl/search?hl=nl&q=site%3Asun.com+javascript+signed+applet&btnG=Google+zoeken&meta=
  DoPrivileged would solve your problem but I've seen some cases where the
  threaded (link mentioned below second post) mothod is the only way it'll work.
  Signing applets:
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and reply 18 for the java class file using doprivileged
  Still problems?
  A Full trace might help us out:
  http://forum.java.sun.com/thread.jspa?threadID=656028

• Signed applet not working in firefox - java.security.AccessControlException

  Hello,
  I have a signed applet that works fine in IE 7 but in Firefox I'm getting this exception in the java console:
  java.security.AccessControlException: access denied (java.net.SocketPermission myhost.com resolve)
  I already tried to run the applet with different JRE versions in Firefox with the same result: 1.6.0_01, 1.6.0_02, 1.6.0_03, 1.6.0_05
  I'll appreciate your help.

  thanx 4 replying
  using the browser to view Applet is not recomended that is because if u change the the source-code and recompile the applet then run it using the broswer it will run the old-version
  Also i've found the solution here
  http://www.cs.utah.edu/classes/cs1021/notes/lecture03/eclipse_help.html

• Security Problems with Signed Applet

  Hello All,
  I need help with signed applets.
  I have an applet pkged in a jar that uses other jars. I have signed the jar containing applet and all the other jars being used. However, when I try to run the applet in IE 6.0.xx, I get the following error
  java.lang.ExceptionInInitializerError
       at aaa.aaa.somemethod(xxx.java:192)
       at aaa.aaa.aaa.access$000(xxx.java:27)
       at aaa.aaa.aaa.$1.run(xxx.java:467)
  Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       ... 3 moreMy application is using Java 1.4.2.xx.
  Any help or pointers would be greatly appreciated.
  Thanks.

  Thanks harmmeijer and mjparme for your responses.
  I made some changes to my application and it does not now require the system property information. But now I am getting another exception related to class loader.
  I made the changes to the console as suggested by harmmeijer, and here is the stack trace. Also, I am not using any JavaScript explicitly.
  Registered modality listener
  Invoking JS method: document
  Invoking JS method: URL
  Referencing classloader: sun.plugin.ClassLoaderInfo@e0a386, refcount=1
  Loading applet ...
  Initializing applet ...
  Starting applet ...
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
       at xxx.xxx.a...<init>(a.java:39)
       at  xxx.xxx.b...<init>(b.java:42)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
       at java.lang.reflect.Constructor.newInstance(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
  java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
       at xxx.xxx.a...ToolBus.<init>(a.java:39)
       at xxx.xxx.b....<init>(b.java:42)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
       at java.lang.reflect.Constructor.newInstance(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Modality pushed
  Modality poppedmjparme as to your second point, the action is taking place in the same jar only. No other jar is involved at the stage where I am getting exception.
  Thankyou again and will appreciate your help.
  AC

• Signed applets in 1.4.1: non-trust ignored: severe security problem?

  Hello all,
  I am signing applets with a developer certificate.
  Until know everything worked fine with Plugin 1.3.1.
  Know I changed to Plugin 1.4.1 and encountered a strange behaviour: When I open the HTML page with a browser (tried IE 5.5 and Mozilla 1.1) the certificate-question pops up. The problem: if I choose not to trust the certificate, the applets starts nevertheless and I can use the system clipboard inside my Applet (for what applets needs to be signed)!
  This looks like a severe security problem!
  Does anyone know anything about this? Can you reproduce this?
  thanx!
  Marcus

  Hi,
  I tried to reproduce what you said with plugin 1.4.0 (I don't have 1.4.1 yet) and IE6.0 (It doesn't have anything to do with the browser)
  My Java console said :
  "User has denied the priviledges to the code
  writeFile: caught security exception"
  The security seems to work OK in 1.4.0.
  I will have to try 1.4.1.
  Patrick

• RuntimePermission exception on RMI lookup on a signed Applet

  Hi everybody,
  Here is my problem : I want to call an ejb from my applet, using RMI.
  But, as it is an applet, I get a security exception when I make the naming lookup :
  java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.rmi.server)
  I have been wandering for two days in the Java Sun sites and forums to find out how to pass through this problem.
  Too many information is no information : I am not sure to have the correct answer; but here is what I have found :
  All I have to do is to make a self-signed Applet (for testing purpose, before having a real certificate), using keytool and jarsigner, and use it with Java Plugin. Doing that will give AllPermission to the signed code, if the user agrees through a Java Plugin dialog.
  (see http://java.sun.com/products/plugin/1.2/docs/nsobjsigning.html)
  But... that doesn't work (who said 'of course' ?) :
  I get the granting dialog, and even if I agree, I always get the same java.lang.RuntimePermission accessClassInPackage exception.
  The strange think is that I tried to write a file on the client machine for testing the permission, and that works fine with this same signed applet.
  I think that AllPermission implies FilePermission and also RuntimePermission, doesn't ?
  Is this behaviour related to my self-signed certificate ? (in this case, why can i write a file ?)
  What am I missing ?
  Any help will be welcome,
  many thanks
  bernard
  PS. : Of course, i don't want the user to modify its java policy or security configuration as it is often "mission impossible".

  Sorry, i forgot : i am using Java Plugin v 1.3.1_02
  B

• Change language on the security warning popup when using signed applets

  Hi
  Today when we use a signed applet the user get a security warning popup box where the langauge is English.
  Is it possible to change the language to other that English and if possible how can this be done ?
  Thanks in Advance,
  Henrik Rasmussen
  Denmark

  The Microsoft one is especially annoying because they should know better than to submit from secure to insecure.
  Let's say you are currently logged in to a Microsoft account and you click Sign in on MSDN. The site redirects to login.live.com, which recognizes that you are logged in, and generates a page with a hidden form and submits it back to MSDN using a script. This is where the problem is, because the hidden form action URL is not secure, yet it is on a secure page. (See Screen shots)
  The workaround (hack, whatever) is to modify the form to a secure address before it is submitted. How can you do that? Since it is impractical to do by hand, you can use an add-on.
  In an earlier thread, user thx1200 posted a link to a userscript that fixes this issue on login.live.com. The userscripts''.''org site has seemingly died, but there is a copy on a mirror of that site.
  * Earlier thread (long): [https://support.mozilla.org/questions/964250 How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection]
  * You need Greasemonkey to run user scripts: https://addons.mozilla.org/firefox/addon/greasemonkey/
  * User script install page: [http://userscripts-mirror.org/scripts/show/173384.html Fix security warning for Microsoft Live login]

• Signed applet works on pc  but can't print on mac! security issue!

  Hello
  I have an applet which works beautifully on the pc under ie, firefox, chrome and safari. Essentially - it uses the batik libraries to download an svg file and then print it.
  Problem is that firstly - no matter which operating system or browser the applet ALWAYS asks me if i want to give it access to the printer. The checkbox that says don't ask this again does not work except while the same applet is loaded. Subsequent loads make it reappear. So that one annoys me.
  But the big issue is that under the Mac OSX my applet will not print. It claims a SocketPermission issue for the localhost port 631 connect,resolve. Of course, before you ask, yes, the jar is signed , and yes i was asked on the mac if i trust this user. It is a self signed certificate by the way.
  I have no idea why the mac is not allowing my trusted app access to the printer when the other operating systems do. Is it perhaps that i am not somehow getting the AllPermission policy file read?
  I have no idea where to even put the java.policy.applet that eclipse generates so i also put it into my jar file. I can't find any knowledge of that file out there or where to deploy it but i keep seeing reference to java.policy. so i copied java.policy.applet and renamed it java.policy and also included that in my jar. the upshot of doing that? Nada. With or without those policy files in my jar it makes no difference.
  DocPrintJob tmpJob = tmpPrinter.createPrintJob();                    
  HashPrintRequestAttributeSet set = new HashPrintRequestAttributeSet();
  tmpJob.print(tmpDoc, set); // its this line that fails
  I am new to java development (well actually about 8 years abstained from it) and this is one of those prototypes that says we either will use java or we won't. Please help, its the final hurdle. If it doesn't work on the mac then all that effort getting it to work on the PC was wasted. I also need to understand how to stop the annoying access the printer dialog before i can go live.
  Cheers

  If it is in the wrong format it must probably still show up though, if your mac does detect it, go to disk utilities> choose the device from the left hand side > go to the "erase" tab and change format to "Mac OS extended (Journaled) then hit "erase".
  IMPRTANT! : this will erase ALL of the files on your external hard drive
  If this dosent work, make sure your external hard drive's USB port is compatibe with both USB 2.0 and 3.0 and also make sure your mac USB socket isnt damaged either.
  Hope this helped