Security Exception executing a signed Applet
Dear All,
I get a security exception (file permission ) when i try to execute a signed applet using java plugin version 1.4.2._02, the same applet works good in java plugin version 1.3.1_04.
Any ideas...???
Thanks in advance
KSRK123
Although not a solution for us as we are tied to the 1.2.2 plugin for now, we did try out 1.3.1_10 and it worked fine without any modifications to cacerts.
Please see our listings (below) and let us know if anything comes to mind. I'm fairly new to this but I thought the whole idea with 1.2.2 was that we shouldn't have to mess with the cacerts or policy files on a clients machine. Rather the Root Certificate of the browser was used for verification??
http://forum.java.sun.com/thread.jsp?forum=32&thread=480668&tstart=0&trange=15
http://forum.java.sun.com/thread.jsp?forum=63&thread=480895&tstart=0&trange=15
Similar Messages
-
Access denied to a security provider on a signed applet
Hi,
I'm having permissions problems to work with a security provider.
The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
If I'm working the provider in an signed applet, then there are errors.
Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
log:
<record>
<date>2012-03-13T12:13:39</date>
<millis>1331637219126</millis>
<sequence>17</sequence>
<logger>appletpdf.appletPdf</logger>
<level>SEVERE</level>
<class>appletpdf.appletPdf</class>
<method>applTest</method>
<thread>11</thread>
<message>excepcion: {0} </message>
<exception>
<message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
<frame>
<class>java.security.AccessControlContext</class>
<method>checkPermission</method>
<line>393</line>
</frame>
<frame>
<class>java.security.AccessController</class>
<method>checkPermission</method>
<line>553</line>
</frame>
<frame>
<class>java.lang.SecurityManager</class>
<method>checkPermission</method>
<line>549</line>
</frame>
<frame>
<class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
<method>checkPermission</method>
<line>250</line>
</frame>
<frame>
<class>sun.security.pkcs11.SunPKCS11</class>
<method>login</method>
<line>1036</line>
</frame>
<frame>
<class>sun.security.pkcs11.P11KeyStore</class>
<method>login</method>
<line>874</line>
</frame>
<frame>
<class>sun.security.pkcs11.P11KeyStore</class>
<method>engineLoad</method>
<line>764</line>
</frame>
<frame>
<class>java.security.KeyStore</class>
<method>load</method>
<line>1201</line>
</frame>
<frame>
<class>apppdf.appPdf</class>
<method>tPKCS11</method>
<line>174</line>
</frame>
<frame>
<class>appletpdf.appletPdf</class>
<method>applTest</method>
<line>137</line>
</frame>
<frame>
<class>appletpdf.appletPdf</class>
<method>initapplDPdf</method>
<line>116</line>
</frame>
<frame>
<class>sun.reflect.NativeMethodAccessorImpl</class>
<method>invoke0</method>
</frame>
<frame>
<class>sun.reflect.NativeMethodAccessorImpl</class>
<method>invoke</method>
<line>57</line>
</frame>
<frame>
<class>sun.reflect.DelegatingMethodAccessorImpl</class>
<method>invoke</method>
<line>43</line>
</frame>
<frame>
<class>java.lang.reflect.Method</class>
<method>invoke</method>
<line>616</line>
</frame>
<frame>
<class>sun.applet.PluginAppletSecurityContext$4</class>
<method>run</method>
<line>699</line>
</frame>
<frame>
<class>java.security.AccessController</class>
<method>doPrivileged</method>
</frame>
<frame>
<class>sun.applet.PluginAppletSecurityContext</class>
<method>handleMessage</method>
<line>696</line>
</frame>
<frame>
<class>sun.applet.AppletSecurityContextManager</class>
<method>handleMessage</method>
<line>69</line>
</frame>
<frame>
<class>sun.applet.PluginStreamHandler</class>
<method>handleMessage</method>
<line>273</line>
</frame>
<frame>
<class>sun.applet.PluginMessageHandlerWorker</class>
<method>run</method>
<line>82</line>
</frame>
</exception>
</record>
Fails in the line where the KeyStore is loading:(Pin is correct)
KeyStore myKeyStore=null;
Provider p = Security.getProvider("SunPKCS11-Provider-Name");
myKeyStore = KeyStore.getInstance("PKCS11",p);
char[] pinData = pin.toCharArray();
myKeyStore.load(null, pinData);
Any help would be apreciated.
Thank you.
ByeThank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
Do backup and restore privileges apply at all over a network mount created via "net use"?
The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
user, or is the access check still done with our sync process's run-as user?
We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
S-1-5-32-544" group.
On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate. -
Java.io.File causes "access denied" exception in a signed applet
Hi,
New to these forums and not entirely where it's appropriate to post this issue, so I'll stick it here for now until told otherwise.
The problem:
My applet throws the following exception.
INFO: Exception Message: access denied (java.io.FilePermission C:\Some Dir With Spaces\AnotherDir\FinalDir read)
The psuedo-code:
java.io.File RootPath = new java.io.File( "C:\" );
private boolean doesSubdirectoryExist(String directory) {
boolean mResult = false;
try
java.io.File tmpPath = new java.io.File( RootPath.toString() + java.io.File.separatorChar + directory );
mResult = tmpPath.isDirectory();
tmpPath = null;
catch (Exception e)
... error handling code
return mResult;
private void btnCheckPathActionPerformed(java.awt.event.ActionEvent evt) {
....some other stuff....
doesSubdirectoryExist(.. a text field value from the GUI form..);
....some other stuff....
} The conditions:
1) The applet is signed.
2) The applet runs fine in the AppletViewer.
3) I am using JDK1.5.0_09.
4) When I click the button the event handler is tied to, it works correctly the first time.
5) If I click a second time, with the same value in the text field (i.e. testing for the same subdirectory again) I get the exception error.
I'm pulling my hair out trying to figure this one out. If it were a security issue with the applet running from a browser, why does it work the first time?
Am I failing to release some lock that creating a java.io.File instance creates?
I would appreciate any help.I've identified the issue. I was attempting to access the filesystem from two different thread and/or contexts.
It seems that if I use the SwingWorker class from https://swingworker.dev.java.net/ to perform background tasks in the Worker thread, I don't get the security privileges required to modify the filesystem. Even though I have signed the jar correctly.
However I can access the filesystem quite happily from the Event Dispatcher thread. If my jar is signed correctly.
So, I have the following questions:
1. Why doesn't SwingWorker worker threads get the same security context as the event dispatcher thread?
2. Is there anyway I can give the worker thread the necessary security privileges?
3. Is there anyway to do this without having to write my own thread handling code and creating my own thread pools?
Message was edited by:
Fidotas
Message was edited by:
Fidotas -
Hi there, I've got problems trying to sign an applet with Java 2. That applet is an FTP which is used for uploading files throught the Browser (just upload).
I signed my applet with SDK 1.4.1 when I surfed the page which contains it, the applet works properly (the browser had Java plug in 1.4.1) ... the certificate appeared (thawte), I clicked "Yes" for agreeing the certificate .. everything went fine. The problem was when I tried to navigate that page with a Browser with Java Plug in 1.4.2, I agreed the cetificate, but when I tried to upload a file with the applet the following error happens :
ava.security.AccessControlException: access denied (java.io.FilePermission C:\install\slsk151.wma read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at FtpSigned.upload(FtpSigned.java:463)
at FtpSigned.run(FtpSigned.java:526)
at java.lang.Thread.run(Unknown Source)
after that I downloaded the SDK 1.4.2_02 and I installed the plugin
1.4.2_02 (build 1.4.2_02-b03)
I signed tha applet again and it didn't work ...
please ... I need help!
Thanks in advance.
Nico.Funny, I had a problem going to _03 when it worked fine in _02. Symptoms: In IE, Sun's plug-in displays security warning prompt for signed applet, and, even though the user clicks YES to accept, all priv operations cause exceptions. It sounds like what you're referring to, but I'm wondering why I didn't see it in _02. Anyway, I'm going to look into the doPriv... stuff to see if that fixes my prob and I'll report back FWIW.
-
I have a signed applet that writes some files to the client's local disk. I modified the applet to spawn the file writing into a separate thread. The thread that the signed applet spawns, however, seems to not retain the security rights that my signed applet has, even though the thread is spawned by the signed applet! I receive access restriction exceptions when I write the files with the second thread, but receive no such exception when doing the same thing in the original signed applet code. Is this how the security model is supposed to work?
Do you have really problems with files? or with threads... Maybe it would be enough just to allow the threads permisions...
-
Firefox can't store permanent security exceptions.
I'm using Firefox 3.16.12 (user-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3)
When I try to add security exception for self-signed certificate - I have the same problem as it seen on this video: http://www.youtube.com/watch?v=WatBXY5CxO0
Temporary exceptions are stored without any problems.Found solution for this problem here: http://forums.mozillazine.org/viewtopic.php?f=38&t=1160375&start=0&st=0&sk=t&sd=a
It seems, that something was wrong with cert_override.txt , cert8.db from profile folder. Deleting those file helps. -
Signed applet throws security exceptions
Since nobody seems to be reading the Signe Applet forum, I decided to try here:
Hi all
I have problems with signed applet (self-made cert), and after reading this forum I see this is more or less common.
The problem that I am having is, that I can not use doPrivilege() and similar tricks, because applet needs to be Java 1.1 compatible.
So, signing will have to work.
Applet is signed using 1.5.0_06 jarsigner. Jarsigner verifies it OK.
It works on JVM 1.5.0_06 but not on 1.4.2_08.
Please help me make if work under any JVM.
The error I get is:
Java(TM) Plug-in: Version 1.4.2_08
Using JRE version 1.4.2_08 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\miha
Proxy Configuration: Automatic Proxy Configuration
URL: http://orion.nil.si/proxy.pac
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
java.security.AccessControlException: access denied (java.net.SocketPermission host.domain.dom resolve)
TelnetWrapper PROXY: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:0 connect,resolve)
java.lang.NullPointerException
at net.propero.rdp.ISO.connect(ISO.java:123)
at net.propero.rdp.MCS.connect(MCS.java:84)
at net.propero.rdp.Secure.connect(Secure.java:153)
at net.propero.rdp.Secure.connect(Secure.java:171)
at net.propero.rdp.Rdp.connect(Rdp.java:498)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:615)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:222)
FATAL: java.lang.NullPointerException: nullWhat is funny, is that I have two applets, and one works and the other one doesn't. It is like this:
Applet A (signed) needs to connect to host1, fails and tries to connect through proxy using my proxy library (also signed - different JAR). Everything works.
Applet B (signed) needs to connect to host1, fails and tries to connect through proxy using the same proxy library. It gets a security exception.
All JARs are signed using the same key/certificate.
Both applets try to connect to the same "host1".
Both applets try to use the same proxy - which is different from "host1".
The one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
When I tried to move the proxy object down to the child threads, I get the following exception:
Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
Regards, Miha VitorovicThe one thing that might make a difference, is that in the working applet, everything is within one thread, and in the broken applet, the proxy object is in the main applet thread, and this applet may open many windows, that all utilize the same proxy object - only they can't.
When I tried to move the proxy object down to the child threads, I get the following exception:
Exception in thread "Thread-1952" java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.applet.AppletSecurity.checkPackageAccess(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at net.propero.rdp.Rdesktop.main_nonstatic(Rdesktop.java:567)
at net.propero.rdp.applet.RdpThread.run(RdpApplet.java:211)It seems that I can only create the proxy object in the Applet.init() method, to avoid this exception.
So to, summarize: I would prefer just one object for all threads that I will create, but then my applet behaves like it is not signed (at least under JVM 1.4.2_08). Java 1.5.0_06 doesn't have any problems with this.
Regards, Miha Vitorovic -
Should a signed applet ever throw a security exception?
hi,
I've had a few times when a signed applet seems to throw a security exception (at the moment am trying to figure out a SocketException being thrown).
I thought if the applet was signed, and when the browser asks if you want to grant it permissions you press Yes (which I do), then there should not be any security issues?
thanks,
asjfA signed applet has to assert which permissions it wants. The client JVM then asks the user if they will give those permissions to the signer. If the applet tries to do something for which it hasn't been granted permission a security exception is thrown.
-
Self signed Applet - still getting Security Exception...
Hi everyone...
I m new to Java Mail... Nd I m developing a Applet to send mail from my Gmail account, nd I used keytool, jarsigner to Self sign the applet. Nd I wrote a Html page and when calling my applet method using javascript, I m having Security Exception... And I m using Java 1.5 (i.e., J2SE 5)
Here is the sample of my code...
--------- MyMail.java -----------
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
And all neccessory packages are imported....
public class MyMail extends JApplet
String server = "smtp.gmail.com";
String username;
String password;
String fromAddres="";
String toAddres="";
Other Variable declaration goes here........
Session ses;
Transport tr;
MimeMessage msg;
public void init() //For testing purpose
doLogin("username","password"); //My account details
public void doLogin(String user,String pass)
username = user;
password = pass;
boolean success;
fromAddres = user+"@gmail.com";
toAddres = "[email protected]";
subject = "TEst SubJect";
body = "This is Test Mail";
success = doAuthentication();
if(success)
setHeaders(server,username,password,fromAddres,toAddres,cc,bcc,htmlFormat,subject,body);
sendMail(ses);
doLogout();
public void doLogout()
//Deals with the logout from my account
public boolean doAuthentication()
//Deals with the authentication of my account
// Setting properties, creating a session, getting transport object...
//and returns true if authentication is success, false if not.
public void setHeaders(String server, String username, String password, String fromAddress, String toAddress, String cc, String bcc, boolean htmlFormat, String subject, String body)
//Sets the headers fields for the message (recieved through arguments)
public void sendMail(Session ses)
//Deals with sending mail
class MyPasswordAuthenticator extends Authenticator
//Deals with the authentication of my account
---------- MyMail.html -----------
<html>
<head>
<script language=javascript>
function sendmail()
document.MyMail.doLogin("username","password"); //my account details
</script>
</head>
<body>
<input type=button name=but value=Send mail onclick=sendmail()>
<applet name=MyMail code=MyMail.class
archive=mail.jar,activation.jar,mailplus.jar width=0 height=0>
</applet>
</body>
</html>
And the applet is Self signed using the tools supplied from Java SDK...
it got signed...
And as the applet got loaded when i opend the MyMail.html, as i called the doLogin(..,..) in init() it is sending mail successfully...
The problem is.... As I given the action for my button to send mail (by calling java method from java script i.e., calling doLogin() when the button clicked) I m getting Security Exception
So...anyone plz tell me the solution....
Thnx in advance....
- Kantahttp://www.google.nl/search?hl=nl&q=site%3Asun.com+javascript+signed+applet&btnG=Google+zoeken&meta=
DoPrivileged would solve your problem but I've seen some cases where the
threaded (link mentioned below second post) mothod is the only way it'll work.
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028 -
Signed applet not working in firefox - java.security.AccessControlException
Hello,
I have a signed applet that works fine in IE 7 but in Firefox I'm getting this exception in the java console:
java.security.AccessControlException: access denied (java.net.SocketPermission myhost.com resolve)
I already tried to run the applet with different JRE versions in Firefox with the same result: 1.6.0_01, 1.6.0_02, 1.6.0_03, 1.6.0_05
I'll appreciate your help.thanx 4 replying
using the browser to view Applet is not recomended that is because if u change the the source-code and recompile the applet then run it using the broswer it will run the old-version
Also i've found the solution here
http://www.cs.utah.edu/classes/cs1021/notes/lecture03/eclipse_help.html -
Security Problems with Signed Applet
Hello All,
I need help with signed applets.
I have an applet pkged in a jar that uses other jars. I have signed the jar containing applet and all the other jars being used. However, when I try to run the applet in IE 6.0.xx, I get the following error
java.lang.ExceptionInInitializerError
at aaa.aaa.somemethod(xxx.java:192)
at aaa.aaa.aaa.access$000(xxx.java:27)
at aaa.aaa.aaa.$1.run(xxx.java:467)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
... 3 moreMy application is using Java 1.4.2.xx.
Any help or pointers would be greatly appreciated.
Thanks.Thanks harmmeijer and mjparme for your responses.
I made some changes to my application and it does not now require the system property information. But now I am getting another exception related to class loader.
I made the changes to the console as suggested by harmmeijer, and here is the stack trace. Also, I am not using any JavaScript explicitly.
Registered modality listener
Invoking JS method: document
Invoking JS method: URL
Referencing classloader: sun.plugin.ClassLoaderInfo@e0a386, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...<init>(a.java:39)
at xxx.xxx.b...<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at xxx.xxx.a...ToolBus.<init>(a.java:39)
at xxx.xxx.b....<init>(b.java:42)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Modality pushed
Modality poppedmjparme as to your second point, the action is taking place in the same jar only. No other jar is involved at the stage where I am getting exception.
Thankyou again and will appreciate your help.
AC -
Signed applets in 1.4.1: non-trust ignored: severe security problem?
Hello all,
I am signing applets with a developer certificate.
Until know everything worked fine with Plugin 1.3.1.
Know I changed to Plugin 1.4.1 and encountered a strange behaviour: When I open the HTML page with a browser (tried IE 5.5 and Mozilla 1.1) the certificate-question pops up. The problem: if I choose not to trust the certificate, the applets starts nevertheless and I can use the system clipboard inside my Applet (for what applets needs to be signed)!
This looks like a severe security problem!
Does anyone know anything about this? Can you reproduce this?
thanx!
MarcusHi,
I tried to reproduce what you said with plugin 1.4.0 (I don't have 1.4.1 yet) and IE6.0 (It doesn't have anything to do with the browser)
My Java console said :
"User has denied the priviledges to the code
writeFile: caught security exception"
The security seems to work OK in 1.4.0.
I will have to try 1.4.1.
Patrick -
RuntimePermission exception on RMI lookup on a signed Applet
Hi everybody,
Here is my problem : I want to call an ejb from my applet, using RMI.
But, as it is an applet, I get a security exception when I make the naming lookup :
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.rmi.server)
I have been wandering for two days in the Java Sun sites and forums to find out how to pass through this problem.
Too many information is no information : I am not sure to have the correct answer; but here is what I have found :
All I have to do is to make a self-signed Applet (for testing purpose, before having a real certificate), using keytool and jarsigner, and use it with Java Plugin. Doing that will give AllPermission to the signed code, if the user agrees through a Java Plugin dialog.
(see http://java.sun.com/products/plugin/1.2/docs/nsobjsigning.html)
But... that doesn't work (who said 'of course' ?) :
I get the granting dialog, and even if I agree, I always get the same java.lang.RuntimePermission accessClassInPackage exception.
The strange think is that I tried to write a file on the client machine for testing the permission, and that works fine with this same signed applet.
I think that AllPermission implies FilePermission and also RuntimePermission, doesn't ?
Is this behaviour related to my self-signed certificate ? (in this case, why can i write a file ?)
What am I missing ?
Any help will be welcome,
many thanks
bernard
PS. : Of course, i don't want the user to modify its java policy or security configuration as it is often "mission impossible".Sorry, i forgot : i am using Java Plugin v 1.3.1_02
B -
Change language on the security warning popup when using signed applets
Hi
Today when we use a signed applet the user get a security warning popup box where the langauge is English.
Is it possible to change the language to other that English and if possible how can this be done ?
Thanks in Advance,
Henrik Rasmussen
DenmarkThe Microsoft one is especially annoying because they should know better than to submit from secure to insecure.
Let's say you are currently logged in to a Microsoft account and you click Sign in on MSDN. The site redirects to login.live.com, which recognizes that you are logged in, and generates a page with a hidden form and submits it back to MSDN using a script. This is where the problem is, because the hidden form action URL is not secure, yet it is on a secure page. (See Screen shots)
The workaround (hack, whatever) is to modify the form to a secure address before it is submitted. How can you do that? Since it is impractical to do by hand, you can use an add-on.
In an earlier thread, user thx1200 posted a link to a userscript that fixes this issue on login.live.com. The userscripts''.''org site has seemingly died, but there is a copy on a mirror of that site.
* Earlier thread (long): [https://support.mozilla.org/questions/964250 How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection]
* You need Greasemonkey to run user scripts: https://addons.mozilla.org/firefox/addon/greasemonkey/
* User script install page: [http://userscripts-mirror.org/scripts/show/173384.html Fix security warning for Microsoft Live login] -
Signed applet works on pc but can't print on mac! security issue!
Hello
I have an applet which works beautifully on the pc under ie, firefox, chrome and safari. Essentially - it uses the batik libraries to download an svg file and then print it.
Problem is that firstly - no matter which operating system or browser the applet ALWAYS asks me if i want to give it access to the printer. The checkbox that says don't ask this again does not work except while the same applet is loaded. Subsequent loads make it reappear. So that one annoys me.
But the big issue is that under the Mac OSX my applet will not print. It claims a SocketPermission issue for the localhost port 631 connect,resolve. Of course, before you ask, yes, the jar is signed , and yes i was asked on the mac if i trust this user. It is a self signed certificate by the way.
I have no idea why the mac is not allowing my trusted app access to the printer when the other operating systems do. Is it perhaps that i am not somehow getting the AllPermission policy file read?
I have no idea where to even put the java.policy.applet that eclipse generates so i also put it into my jar file. I can't find any knowledge of that file out there or where to deploy it but i keep seeing reference to java.policy. so i copied java.policy.applet and renamed it java.policy and also included that in my jar. the upshot of doing that? Nada. With or without those policy files in my jar it makes no difference.
DocPrintJob tmpJob = tmpPrinter.createPrintJob();
HashPrintRequestAttributeSet set = new HashPrintRequestAttributeSet();
tmpJob.print(tmpDoc, set); // its this line that fails
I am new to java development (well actually about 8 years abstained from it) and this is one of those prototypes that says we either will use java or we won't. Please help, its the final hurdle. If it doesn't work on the mac then all that effort getting it to work on the PC was wasted. I also need to understand how to stop the annoying access the printer dialog before i can go live.
CheersIf it is in the wrong format it must probably still show up though, if your mac does detect it, go to disk utilities> choose the device from the left hand side > go to the "erase" tab and change format to "Mac OS extended (Journaled) then hit "erase".
IMPRTANT! : this will erase ALL of the files on your external hard drive
If this dosent work, make sure your external hard drive's USB port is compatibe with both USB 2.0 and 3.0 and also make sure your mac USB socket isnt damaged either.
Hope this helped
Maybe you are looking for
-
MSI 880GM-e35 Wakeing up from sleep by USB mouse or USB keyboard
I have two 880gm-e35 boards that will not wake up from sleep by Keyboard or mouse. (S3) sleep condition. -They wake up by tapping the power button..ok. On the E-35 boards If I set the (S1) Sleep condition where the fans stay on and power light does n
-
Multiple devices with iMessage, FaceTime and calendar in the cloud
Hi There are a number of posts on this, but this is what I do and the issues I face: My wife and I use a common apple ID for: Notes Reminders Calandars Photostream (when it works, but there are other postings on that) Apps i.e everything else, Music,
-
Screen went gray need to be fixed under international warranty?!
Hello, I just bought Macbook Pro 13.3 inch, md 101 i believe is the 2010 model from Dubai last month. I bought it in Computer Plaza which is the place most people in Dubai go for a good deals. After using 1.5 month the screen went blank, after power
-
Extremely high fan speeds while using Skype
I have a MAc book pro intel based, the fan goes on whirling at the hihgest possible speed even when there is about 30% of cpu usage i tried the SMC and the PRAM reset but it hasn't helped me at all. Does any one ave any idea how to fix this problem?
-
Import Discharge transit not reflecting
Hello Team, I have created a PO and entered the Previous document type and MRN number in Foreign trade Import data of PO and Inbound Delivery but still my document is not reflecting in Transit procedure. am I missing somewhere? please help me in this