Signed applet accessing remote host getting AccessControlException

Similar Messages

• **URGENT : signed applet still doesn't get full permissions**

  I've bought a Microsoft Authenticode certificate with which I signed a CAB file containing my class files...
  On a client machine, the browser detects security stuff but even when one acknowledges, the applet still doesn't get the permission, for instance, to open a directory for reading... a SecurityException is thrown as if the applet was not signed.
  Have I forgotten something or did another one wrong ?? Must I set the Security Manager to null ????
  It's really urgent, so please reply asap !!!
  Thanks,
  R�gis Kuckaertz

  Just signing the applet doesn't give it any permissions. You have to assert whatever permissions you want. For example:
  import com.ms.security.*; // need dummy classes to compile for non-MS
  // check if we are in the MS JVM
  if (Class.forName("com.ms.security.PolicyEngine") != null)
      // Assert all Permissions
      PolicyEngine.assertPermission(PermissionID.SYSTEM);
  catch (Throwable cnfe)
      System.out.println("Microsoft JVM permissions not asserted.");
      System.out.println(cnfe.getMessage());
  }

• Signing applets/ access controll violations

  I have just created a fairly simple game (much like that marble jumping solitare game), that is nice, fine, and works. But, however I run it in applet viewer, which automaticly gives it full power and stuff. If i try to run it in it's webpage, it says that it is not allowed to access the reasource default.txt (the default map file). How can I make it run in a webpage? Would it run on a server? Would it run on a completely seperate folder on a person's computer (aka family)? Can I use other files destributed later for new maps(withough more steps, just read the plain text file--It has the ablity to customise the file loaded)?
  To sum it up: can I give something to my mum, so that she can click a shortcut and have it just work?

  thawte? I haven't herd of it.
  also: this is the code that reads the file:
  public void resetBoard() {
    try {
     theFileReader = new FileReader(fileName);
     theReader = new BufferedReader(theFileReader);
     String temp;
     for(int i = 0; i<X_BOXES; i++) {
      temp = theReader.readLine();
      for(int j = 0; j<Y_BOXES; j++) {
       if(temp.charAt(j) == ' ') {
        board[j] = -1;
  } else {
  board[j][i] = Integer.parseInt(String.valueOf(temp.charAt(j)));
  } catch(Exception e) {
  System.out.println(e);
  by the way, theFile can be changed, to load other files

• Signed applets called from javascript - how/where to load policy file?

  I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
  So, I can get things to work if I place the following two lines in my 'local' JDK installation:
  permission java.io.FilePermission "${user.home}/x.properties", "read,write";
  permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
  What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
  I'd REALLY appreciate any help I could get on this...
  thanks in advance,
  +0^^

  Maybe you didn't realize but my previous post was sarcastically ment:
  "hello SUN security stop bugging me in writhing this malicious program"
  and
  "hello SUN security, I'm a good boy now trust what I'm doing"
  Are in a practical sense exactly the same.
  SUN should either remove the stack check or the doprivileged. The stack check takes up
  valuable resources for nothing since a malicious program can easily circumvent that.
  Your post about a malicious user abusing your (CA) signed applet to ruine someone's
  system is correct, it would not be difficult. A CA signed applet will not even ask a user to
  trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
  used on "grandma's old PC" since it's too complicated for users to do such things.
  YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
  certificate!).Actually you are to blame, because you made software that exposes a vonurability
  other people can take advantage of.
  what you can do before calling the doprivileged private method is check the call stack.
  So your signed applet has a public method checking the callstack, if this lookes OK
  that method will call the private doprivileged method.
  Here is the example
  package t;
  import java.util.Properties;
  import java.applet.Applet;
  public class test extends Applet {
           public test(){
                 startingPrivileged();
           public void startingPrivileged(){
                 System.out.println("this is the stack");
                 try{
                      throw new Exception("get the call stack");
                 }catch(Exception e){
                      StackTraceElement stack[] = e.getStackTrace();
                      for (int i=0; i<stack.length; i++) {
                           System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
                      // this is a really simple check to see if this method was started from the t. package
                      // a good hacker can just create it's own package named t and take advantage of this method
                      // if this method was started from the same package there is no reason to make this method
                      // public, protected would work.
                      // there must be a better way to check if this method was called by "your" or "trusted" code
                      if(stack[1].getClassName().startsWith("t.")){
                           dosomePrivileged();
            private void dosomePrivileged(){
                 System.out.println("this is the method that does privileged stuff");
       public static void main(String args[]) {
            new test();

• Java.security.AccessControlException: access denied; for a signed applet

  Hi,
  I have a signed applet which is used to read local files. When I call the applet method which is reading the file, from javascript I am getting "java.security.AccessControlException: access denied ". Where as if the method gets called during applet load, file is read without errors? How can I get over this problem?
  If there is a way loading the applet based on a condition from Javascript, please let me know.
  Thanks,

  [http://forums.sun.com/thread.jspa?forumID=421&threadID=5308353]

• Do I need to have my site uploaded to a remote host for embeded formscentral form  to work? I am getting a broken section of header with a warning sign on top corner saying "!Local host." Cheers

  Hey there all.
  I am wondering if there is something wrong with my embedded form or if it is simply because
  I have not uploaded my site to remote host yet? I am only getting a broken part of the header with
  no actual form, with a warning "!local host" in top left hand corner. If anyone could enlighten
  me on this problem it would be greatly appreciated, it is my first time making forms

  Cheers, I noticed some browsers were treating the form differently. I am uploading to a test server tomorrow, hopefully all goes well, thanks for your reply  

• NIGHTMARE! Signed Applet - No Access. Please Help.

  Hi:
  I'm trying to make a signed applet gain access to my directory structure.
  I created a simple applet to test with one line:
  sErr = System.getProperty("user.dir");
  The code is below.
  I sign it using the following:
  keytool -genkey -keyalg rsa -storepass MyCerts
  As you can see I'm using the default keystore but I've tried it by using -keystore MyKeystore too.
  It runs me through all the questions which I answer, no problems.
  Then I sign it:
  jarsigner -signedjar SSignedApplet.jar SignedApplet.jar MyCerts
  It asks for the passwords which I enter.
  It completes without error and the SSignedApplet.jar file shows up in the directory.
  If I open the signed jar file it has all 3 of the files in the META-INF folder and the Manifest file looks right to me.
  I upload the jar and the Default.asp file to a Web server (I've tried localhost and a remote host).
  I open the page and the pop up comes up asking if I want to trust the unverified applet. I click 'Run'.
  Once the applet is 'Started' I click the 'Get Properties' button and I get the error:
  access denied (java.util.PropertyPermission user.dir read)
  I've tried 2 examples that work fine on my machine (that I didn't write).
  The first is by Francois Orsini (Derby Demo) and the other is by Laura MacDougal (successfully wrote a file to my user.dir directory).
  No matter what I do, I can't sign an applet and make it access anything.
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  <html lang="en-US">
  <head>
  <script language="JavaScript" type="text/javascript">
  <!--
  function getProp()
       oApplet = document.SampleApplet;
       oApplet.getProp();
       alert(oApplet.sErr);
  // End SCRIPT -->
  </script>
  </head>
  <body bgcolor="#ffffff" style="margin:0px auto;width:800px;padding:0px">
  <form name="fmLogin" action="" method="POST">
  <table width="650" align="center" cellpadding="0" cellspacing="0">
       <tr>
            <td>Login</td>
            <td><input name="Login"></td>
       </tr>
       <tr>
            <td>Password</td>
            <td><input name="Password"></td>
       </tr>
       <tr>          
            <td colspan="2"><input type="button" onclick="getProp();" value="Get Property"></td>
       </tr>
  </table>
  </form>
  <APPLET CODE="SignedApplet.SampleApplet.class" WIDTH=1 HEIGHT=1 NAME="SampleApplet" ARCHIVE="SSignedApplet.jar"></APPLET>
  </body>
  </html>
  package SignedApplet;
  import java.applet.*;
  import java.io.*;
  import java.util.*;
  public class SampleApplet extends java.applet.Applet {
      public String sErr = "";
      public void init() {
          // TODO start asynchronous download of heavy resources
      public void getProp()
          try
              sErr = System.getProperty("user.dir");
          catch(Exception exp)
              sErr = exp.getMessage();
      // TODO overwrite start(), stop() and destroy() methods
  }

  Thank you for reading my reply in your other thread:
  http://forum.java.sun.com/thread.jspa?threadID=762212&messageID=4368224#4368224
  If you've really run through it you would have known that code called from
  javascript is not trusted and you have to use doprivileged (hey its in bold...
  why would that be?).
  Call getProp from init within the applet and you've got no problem.
  As for your imageIcon, creating one with string as a parameter
  the string is used as input for a File. I had no problem loading one with a signed applet.
  I'll post the example later in your other thread.

• File read access denied for signed applet

  Hi:
  I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
  java.lang.Exception: java.security.AccessControlException:
      access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
      private KeyStore ks;
      private Provider provider;
      private static final String providerName    = "PKCS11";
      private static final String providerLibrary = "aetpkss1.dll";
      public void loadKeyStore(String pin) throws IOException,
       CertificateException, KeyStoreException, NoSuchAlgorithmException {
       if (provider == null)
           registerProvider(providerLibrary);
       try {
           ks = KeyStore.getInstance(providerName,provider);
       } catch (Exception e) {
           throw new KeyStoreException("Failed get keystore instance\n"
                           + e.getMessage());
       try {
           ks.load(null, pin.toCharArray());
       } catch (Exception e) {
           throw new KeyStoreException("Failed load keystore\n"
                           + e.getMessage());
      public void registerProvider(String library)
       throws FileNotFoundException, KeyStoreException {
       String fileName;
       if (new File(library).isAbsolute())
           fileName = library;
       else
           fileName = getAbsolutePath(library);
       if (!(new File(fileName).exists()))
           throw new FileNotFoundException("No such file: " + fileName);
       String config = "name = " + providerName + "\n"
           + "library = " + fileName;
       ByteArrayInputStream confStream =
           new ByteArrayInputStream(config.getBytes());
       try {
           provider = new sun.security.pkcs11.SunPKCS11(confStream);
           Security.addProvider(provider);
       } catch (Exception e) {
           throw new KeyStoreException("Can initialize " +
                           "Sun PKCS#11 provider. Reason: " +
                           e.getCause().getMessage());
      private String getAbsolutePath(String lib) throws FileNotFoundException {
       String[] searchPath;
       /* NOTE: This should be modified to suit different versions of   *
        *       Windows and not just Windows XP                         */
       if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
           searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                           "C:\\java" };
       } else {
           searchPath = new String[] { "/usr/local/lib/" };
       for (int i = 0; i < searchPath.length; i++) {
           if ((new File(searchPath[i] + File.separator + lib).exists()))
            return (searchPath[i] + File.separator + lib);
       throw new FileNotFoundException("Library not in search path " + lib);
      }The above code is called by a java script, the class' constructor is empty.
  The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
  The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
  I have also made a CLI application that uses the above code and it works perfectly.
  So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
  The certificate I generated with
  keytool -genkey -keystore mystore -alias me
  keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
  Thanks! Erik

  The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
  It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
  A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

• Signed applet not working in firefox - java.security.AccessControlException

  Hello,
  I have a signed applet that works fine in IE 7 but in Firefox I'm getting this exception in the java console:
  java.security.AccessControlException: access denied (java.net.SocketPermission myhost.com resolve)
  I already tried to run the applet with different JRE versions in Firefox with the same result: 1.6.0_01, 1.6.0_02, 1.6.0_03, 1.6.0_05
  I'll appreciate your help.

  thanx 4 replying
  using the browser to view Applet is not recomended that is because if u change the the source-code and recompile the applet then run it using the broswer it will run the old-version
  Also i've found the solution here
  http://www.cs.utah.edu/classes/cs1021/notes/lecture03/eclipse_help.html

• Signed applet sometimes throws AccessControlException

  Hello,
  Apparently I'm not the only one on this forum who's getting AccessControlExceptions in an applet. The strange thing is that I'm not getting them all the time.
  I have a signed applet that's requesting files from a server (http) in regular intervals (thread). When the server sends back a file, it's written to the local filesystem. There's also a logging mechanism that's write files to the filesystem. Normally this applet runs continuously for weeks, months, ...
  This system has been working fine for years now, until a few months ago. Now I sometimes get an AccessControlException while reading a System.getProperty or while reading file from the filesystem. Usually the applet runs fine for day without access problems and then suddenly I get a AccessControlException: Access denied on an action that wasn't a problem the last 1000 times it performed.
  My first thought was that it might be an update of the JVM that was causing it. So I tried downgrading to 1.5, even 1.4 and still got the same problem.
  Does any one has an idea what's causing this? I'm pretty much stuck on this problem.
  Thanks.
  Andy

  May be you have updated the .java files which are related to your applet and if u update the .java files, u need to recompile and need to re-sign the applets
  or
  When you are signing the applet you will tell, how many number of days I think that may be expired...
  otherwise no need....
  This may be one reason.... Once I faced
  May be this will help u

• Access denied to a security provider on a signed applet

  Hi,
  I'm having permissions problems to work with a security provider.
  The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
  If I'm working the provider in an signed applet, then there are errors.
  Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
  grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
  Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
  log:
  <record>
  <date>2012-03-13T12:13:39</date>
  <millis>1331637219126</millis>
  <sequence>17</sequence>
  <logger>appletpdf.appletPdf</logger>
  <level>SEVERE</level>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <thread>11</thread>
  <message>excepcion: {0} </message>
  <exception>
  <message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
  <frame>
  <class>java.security.AccessControlContext</class>
  <method>checkPermission</method>
  <line>393</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>checkPermission</method>
  <line>553</line>
  </frame>
  <frame>
  <class>java.lang.SecurityManager</class>
  <method>checkPermission</method>
  <line>549</line>
  </frame>
  <frame>
  <class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
  <method>checkPermission</method>
  <line>250</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.SunPKCS11</class>
  <method>login</method>
  <line>1036</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>login</method>
  <line>874</line>
  </frame>
  <frame>
  <class>sun.security.pkcs11.P11KeyStore</class>
  <method>engineLoad</method>
  <line>764</line>
  </frame>
  <frame>
  <class>java.security.KeyStore</class>
  <method>load</method>
  <line>1201</line>
  </frame>
  <frame>
  <class>apppdf.appPdf</class>
  <method>tPKCS11</method>
  <line>174</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>applTest</method>
  <line>137</line>
  </frame>
  <frame>
  <class>appletpdf.appletPdf</class>
  <method>initapplDPdf</method>
  <line>116</line>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke0</method>
  </frame>
  <frame>
  <class>sun.reflect.NativeMethodAccessorImpl</class>
  <method>invoke</method>
  <line>57</line>
  </frame>
  <frame>
  <class>sun.reflect.DelegatingMethodAccessorImpl</class>
  <method>invoke</method>
  <line>43</line>
  </frame>
  <frame>
  <class>java.lang.reflect.Method</class>
  <method>invoke</method>
  <line>616</line>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext$4</class>
  <method>run</method>
  <line>699</line>
  </frame>
  <frame>
  <class>java.security.AccessController</class>
  <method>doPrivileged</method>
  </frame>
  <frame>
  <class>sun.applet.PluginAppletSecurityContext</class>
  <method>handleMessage</method>
  <line>696</line>
  </frame>
  <frame>
  <class>sun.applet.AppletSecurityContextManager</class>
  <method>handleMessage</method>
  <line>69</line>
  </frame>
  <frame>
  <class>sun.applet.PluginStreamHandler</class>
  <method>handleMessage</method>
  <line>273</line>
  </frame>
  <frame>
  <class>sun.applet.PluginMessageHandlerWorker</class>
  <method>run</method>
  <line>82</line>
  </frame>
  </exception>
  </record>
  Fails in the line where the KeyStore is loading:(Pin is correct)
  KeyStore myKeyStore=null;
  Provider p = Security.getProvider("SunPKCS11-Provider-Name");
  myKeyStore = KeyStore.getInstance("PKCS11",p);
  char[] pinData = pin.toCharArray();
  myKeyStore.load(null, pinData);
  Any help would be apreciated.
  Thank you.
  Bye

  Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
  Do backup and restore privileges apply at all over a network mount created via "net use"?
  The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
  user, or is the access check still done with our sync process's run-as user?
  We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
  S-1-5-32-544" group.
  On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
  file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
  My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.

• Signed Applet AccessControlException

  I am seeing some behaviour that seems very weird. I have a signed applet that is trying to connect to a JMS topic. However when I create the topic connection [topicConnectionFactory.createTopicConnection()] I get:
  java.lang.ExceptionInInitializerError caused by
  AccessControlException: access denied (java.util.PropertyPermission... read)
  This is unexpected because (1) the applet is signed, (2) I explicitly (and successfully) perform the following security checks before the createTopicConnection method call:
  security.checkPermission(new AllPermission());
  security.checkPropertiesAccess();
  If anyone has any suggestions, they would be greatly appreciated. Thanks, -mike.
  My full debug trace is:
  [JMSApplet] DEBUG test permissions
  [JMSApplet] DEBUG okay, all permissions
  [JMSApplet] DEBUG okay, property permissions
  java.lang.ExceptionInInitializerError
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Unknown Source)
       at org.jboss.util.NestedThrowable$1.class$(NestedThrowable.java:101)
       at org.jboss.util.NestedThrowable$Util.<clinit>(NestedThrowable.java:101)
       at org.jboss.mq.SpyJMSException.<init>(SpyJMSException.java:67)
       at org.jboss.mq.Connection.authenticate(Connection.java:883)
       at org.jboss.mq.Connection.<init>(Connection.java:238)
       at org.jboss.mq.Connection.<init>(Connection.java:315)
       at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:59)
       at org.jboss.mq.SpyConnectionFactory.createTopicConnection(SpyConnectionFactory.java:78)
       at com.octigabay.pce.web.applets.JMS2JSApplet.setupTopicConnection(JMS2JSApplet.java:278)
       at com.octigabay.pce.web.applets.JMS2JSApplet.start(JMS2JSApplet.java:153)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission org.jboss.util.NestedThrowable.parentTraceEnabled read)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
       at java.lang.System.getProperty(Unknown Source)
       at org.jboss.util.NestedThrowable$Util.getBoolean(NestedThrowable.java:123)
       at org.jboss.util.NestedThrowable.<clinit>(NestedThrowable.java:39)
       ... 14 more

  It's an interesting way, and hope you haven't tried...
  Create a subclass of SecurityManager
  * MySecurityManager.java
  * @author  jMike
  public class MySecurityManager extends SecurityManager {   
      /** Voids any Permission */
      public void checkPermission(java.security.Permission permission) {
      /** Voids any Permission */
      public void checkPermission(java.security.Permission permission, Object obj) {
  }Then in your applet add the following line within the constructor(s) or init method.
  try{
      new MySecurityManager();
  } catch (AccessControException ace){
      // User didn't allow the signed applet
      JOptionPane.showMessageDialog(this,ace.getMessage(),"jMike :: Excepci�n",JOptionPane.ERROR_MESSAGE);
  ...The applet must be signed.
  MySecurityManager allows any permission, however, you can control the ones you want.
  Hope to be helpfull, make me know if not
  ...where Java has never gone before.

• Applet in JDK 1.1 accessing remote database

  Hi,
  I'm trying to make an Applet access a remote Oracle Database using Jdbc thin driver. The database and the Web Server are in deferent machines. The browser i'm using is Internet Explorer. But I always get the followin exception:
  Cannot access "remote-machine" at com/ms/security/premissions/NetIOPermissionCheck.
  How can I solve that?
  Thank you,
  Nei

  Another interesting thing is, the applet ( jar) that is signed will display the security dialog if I connect from a client that has java plugin 1.4 ( jsdk 1.4) or if I copy it and run it on a j2sdk1.4 machine. I checked the java.policy files on both 1.3.1 machine and 1.4.1 and they are the same.
  TIA
  Krishna

• AccessControlException - in signed applet

  hi all,
  I am using signed applet, i given all permission and all socket permission , still i am getting following error.
  java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.222:6060 connect,resolve)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkConnect(Unknown Source)
       at java.net.DatagramSocket.send(Unknown Source)
       at gov.nist.javax.sip.stack.UDPMessageChannel.sendMessage(UDPMessageChannel.java:727)
       at gov.nist.javax.sip.stack.UDPMessageChannel.sendMessage(UDPMessageChannel.java:572)
       at gov.nist.javax.sip.stack.SIPClientTransaction.sendMessage(SIPClientTransaction.java:355)
       at gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:759)
       at gov.nist.applet.phone.ua.MessengerManager.deRegister(MessengerManager.java:565)
       at gov.nist.applet.phone.ua.MessengerManager.unRegisterAndReRegister(MessengerManager.java:523)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet.jMenuItemRegisterActionPerformed(NISTMessengerApplet.java:517)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet.access$7(NISTMessengerApplet.java:503)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet$5.actionPerformed(NISTMessengerApplet.java:424)
       at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
       at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
       at javax.swing.AbstractButton.doClick(Unknown Source)
       at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
       at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
       at java.awt.Component.processMouseEvent(Unknown Source)
       at javax.swing.JComponent.processMouseEvent(Unknown Source)
       at java.awt.Component.processEvent(Unknown Source)
       at java.awt.Container.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  Exception in thread "AWT-EventQueue-2" java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.0)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkExit(Unknown Source)
       at java.lang.Runtime.exit(Unknown Source)
       at java.lang.System.exit(Unknown Source)
       at gov.nist.core.InternalErrorHandler.handleException(InternalErrorHandler.java:27)
       at gov.nist.javax.sip.stack.UDPMessageChannel.sendMessage(UDPMessageChannel.java:733)
       at gov.nist.javax.sip.stack.UDPMessageChannel.sendMessage(UDPMessageChannel.java:572)
       at gov.nist.javax.sip.stack.SIPClientTransaction.sendMessage(SIPClientTransaction.java:355)
       at gov.nist.javax.sip.stack.SIPClientTransaction.sendRequest(SIPClientTransaction.java:759)
       at gov.nist.applet.phone.ua.MessengerManager.deRegister(MessengerManager.java:565)
       at gov.nist.applet.phone.ua.MessengerManager.unRegisterAndReRegister(MessengerManager.java:523)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet.jMenuItemRegisterActionPerformed(NISTMessengerApplet.java:517)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet.access$7(NISTMessengerApplet.java:503)
       at gov.nist.applet.phone.ua.gui.NISTMessengerApplet$5.actionPerformed(NISTMessengerApplet.java:424)
       at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
       at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
       at javax.swing.AbstractButton.doClick(Unknown Source)
       at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
       at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
       at java.awt.Component.processMouseEvent(Unknown Source)
       at javax.swing.JComponent.processMouseEvent(Unknown Source)
       at java.awt.Component.processEvent(Unknown Source)
       at java.awt.Container.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)

  Do you trust java exception handling mechanism ??? If so, check all yours given permission one more time, try to find work examples how to do it.
  Try to find the solution here: http://java.sun.com/developer/technicalArticles/Security/applets/index.html

• AccessControlException in signed applet for simply reading local file

  I have a simple applet that reads specified local image files and uploads them to our server. On both Mac OS X and WinXP (firefox and IE7), I get the following error. I signed the applet using an InstantSSL code signing certificate (not so easy getting this to work, but I'm pretty confident I did it correctly).
  java.security.AccessControlException: access denied (java.io.FilePermission /Users/scott/Documents/photos/Ken_and_Scott.jpg read)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
       at java.io.File.length(File.java:813)
       at org.apache.http.entity.mime.content.FileBody.getContentLength(FileBody.java:89)So just on getting the file length, it's throwing this exception. Interestingly, this file passed both file.exists() and file.canRead() checks within the applet (in windows the path is a bit different of course but also passes both those checks). Also, that file has no read restrictions and I can load it in a browser no problem.
  I assume I'm missing a step in the applet code signing process, maybe a step that says I'm allowed to read local files?

  I figured out my issue, the apache HttpClient library needed to be signed too apparently.