Signing applets/ access controll violations

I have just created a fairly simple game (much like that marble jumping solitare game), that is nice, fine, and works. But, however I run it in applet viewer, which automaticly gives it full power and stuff. If i try to run it in it's webpage, it says that it is not allowed to access the reasource default.txt (the default map file). How can I make it run in a webpage? Would it run on a server? Would it run on a completely seperate folder on a person's computer (aka family)? Can I use other files destributed later for new maps(withough more steps, just read the plain text file--It has the ablity to customise the file loaded)?
To sum it up: can I give something to my mum, so that she can click a shortcut and have it just work?

thawte? I haven't herd of it.
also: this is the code that reads the file:
public void resetBoard() {
try {
   theFileReader = new FileReader(fileName);
   theReader = new BufferedReader(theFileReader);
   String temp;
   for(int i = 0; i<X_BOXES; i++) {
    temp = theReader.readLine();
    for(int j = 0; j<Y_BOXES; j++) {
     if(temp.charAt(j) == ' ') {
      board[j] = -1;
} else {
board[j][i] = Integer.parseInt(String.valueOf(temp.charAt(j)));
} catch(Exception e) {
System.out.println(e);
by the way, theFile can be changed, to load other files

Similar Messages

Links not generated because of an access control violation

Filr 1.1.0.653-HP668
Our users can't share files by generating links in some netfolders. In some net folders it works ...
All net folders are located at the same file server. The users does have the same rights to the file server in eDir.
Errormessage looks like: "The links for 'xxx.pdf' could not be generated because of an access control violation."
I checked the configuration of that net folders and compared to the net folders where the users can create that links in Filr - nothing
I double checked the rights of that net folders and compared to the net folders where the users can create that links in eDir - nothing
I removed and reassigned the right "File Link" to "Users", "Net Folders" and "Share Settings" without success.
Can someone point me in the right direction? Is it possible that this is somehow related to creation time of the net folders (we had net folders in Filr before the feature to share links was included, and we have net folders which have been created after this feature exists)
Please help ...

bytesnake,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com

Signed applet accessing remote host getting AccessControlException

I'm fairly new to java development, so hopefully this is an easy answer, but in my searching I haven't yet been able to figure out why this isn't working for me.
I have a self-signed applet, running on a server in my intranet. I understood that using a signed applet would allow connecting to any host within the applet. In the applet, I'm using the following code to try to connect to a remote host, which is also in my intranet:
import org.apache.commons.net.ftp.*;
FTPClient ftp = new FTPClient();ftp.connect("[myhost]");
//Where [myhost] is the name of the host I'm trying to connect to.This works fine when running from Eclipse Applet Viewer, but when I run from the website, I get the prompt to accept the signature and run. I click run. When the code above runs, I get the following exception:
ava.security.AccessControlException: access denied (java.net.SocketPermission cmdsp.bsu.edu resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at java.net.InetSocketAddress.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at org.apache.commons.net.DefaultSocketFactory.createSocket(DefaultSocketFactory.java:53)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:162)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:250)
at Deploy.DeployCard(Deploy.java:150)
Any help would be GREATLY appreciated.
Thanks!
Daryl

Bonjour,
J'ai le problème que celui énoncé dans ce topic. Je réalise une applet ftp qui doit se connecter à un serveur ftp. J'utilise org.apache.commons.ftp.net et mon appli fonctionne sous eclipse mais pas intégré sur une page web.
J'ai signé le jar commons-net-1.1.4.jar et le jar qui contient mon code et ça ne fonctionne pas.
dois-je mettre toutes les classes de commons-net-1.1.4.jar dans mon fichier jar, je ne sais pas comment faire pour inclure commons-net-1.1.4.jar dans mon jar car lorsque je compile, je met le path dans eclipse mais je n'ai normalement pas besoin de mettre le commons-net-1.1.4.jar dans mon jar car les classes sont automatiquement importées.
Merci de votre aide

Signed applets called from javascript - how/where to load policy file?

I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
So, I can get things to work if I place the following two lines in my 'local' JDK installation:
permission java.io.FilePermission "${user.home}/x.properties", "read,write";
permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
I'd REALLY appreciate any help I could get on this...
thanks in advance,
+0^^

Maybe you didn't realize but my previous post was sarcastically ment:
"hello SUN security stop bugging me in writhing this malicious program"
and
"hello SUN security, I'm a good boy now trust what I'm doing"
Are in a practical sense exactly the same.
SUN should either remove the stack check or the doprivileged. The stack check takes up
valuable resources for nothing since a malicious program can easily circumvent that.
Your post about a malicious user abusing your (CA) signed applet to ruine someone's
system is correct, it would not be difficult. A CA signed applet will not even ask a user to
trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
used on "grandma's old PC" since it's too complicated for users to do such things.
YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
certificate!).Actually you are to blame, because you made software that exposes a vonurability
other people can take advantage of.
what you can do before calling the doprivileged private method is check the call stack.
So your signed applet has a public method checking the callstack, if this lookes OK
that method will call the private doprivileged method.
Here is the example
package t;
import java.util.Properties;
import java.applet.Applet;
public class test extends Applet {
         public test(){
               startingPrivileged();
         public void startingPrivileged(){
               System.out.println("this is the stack");
               try{
                    throw new Exception("get the call stack");
               }catch(Exception e){
                    StackTraceElement stack[] = e.getStackTrace();
                    for (int i=0; i<stack.length; i++) {
                         System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
                    // this is a really simple check to see if this method was started from the t. package
                    // a good hacker can just create it's own package named t and take advantage of this method
                    // if this method was started from the same package there is no reason to make this method
                    // public, protected would work.
                    // there must be a better way to check if this method was called by "your" or "trusted" code
                    if(stack[1].getClassName().startsWith("t.")){
                         dosomePrivileged();
          private void dosomePrivileged(){
               System.out.println("this is the method that does privileged stuff");
     public static void main(String args[]) {
          new test();

File read access denied for signed applet

Hi:
I have a signed applet with a certificate generated with the keytool. Yet, I keep getting this error:
java.lang.Exception: java.security.AccessControlException:
    access denied (java.io.FilePermission C:\WINDOWS\system32\aetpkss1.dll read)The error is produced when the method loadKeyStore(pin) below is called.
    private KeyStore ks;
    private Provider provider;
    private static final String providerName    = "PKCS11";
    private static final String providerLibrary = "aetpkss1.dll";
    public void loadKeyStore(String pin) throws IOException,
     CertificateException, KeyStoreException, NoSuchAlgorithmException {
     if (provider == null)
         registerProvider(providerLibrary);
     try {
         ks = KeyStore.getInstance(providerName,provider);
     } catch (Exception e) {
         throw new KeyStoreException("Failed get keystore instance\n"
                         + e.getMessage());
     try {
         ks.load(null, pin.toCharArray());
     } catch (Exception e) {
         throw new KeyStoreException("Failed load keystore\n"
                         + e.getMessage());
    public void registerProvider(String library)
     throws FileNotFoundException, KeyStoreException {
     String fileName;
     if (new File(library).isAbsolute())
         fileName = library;
     else
         fileName = getAbsolutePath(library);
     if (!(new File(fileName).exists()))
         throw new FileNotFoundException("No such file: " + fileName);
     String config = "name = " + providerName + "\n"
         + "library = " + fileName;
     ByteArrayInputStream confStream =
         new ByteArrayInputStream(config.getBytes());
     try {
         provider = new sun.security.pkcs11.SunPKCS11(confStream);
         Security.addProvider(provider);
     } catch (Exception e) {
         throw new KeyStoreException("Can initialize " +
                         "Sun PKCS#11 provider. Reason: " +
                         e.getCause().getMessage());
    private String getAbsolutePath(String lib) throws FileNotFoundException {
     String[] searchPath;
     /* NOTE: This should be modified to suit different versions of   *
      *       Windows and not just Windows XP                         */
     if (System.getProperty("os.name").matches("^(?i)Windows.*")) {
         searchPath = new String[] { "C:\\WINDOWS\\system32" ,
                         "C:\\java" };
     } else {
         searchPath = new String[] { "/usr/local/lib/" };
     for (int i = 0; i < searchPath.length; i++) {
         if ((new File(searchPath[i] + File.separator + lib).exists()))
          return (searchPath[i] + File.separator + lib);
     throw new FileNotFoundException("Library not in search path " + lib);
    }The above code is called by a java script, the class' constructor is empty.
The error appears not to be caught by my code. I have tried to insert try/catch statements everywhere to figure out where this error is produced.
The code is write off of the applet for signing with a smart card by Svetlin Nakov - and his applet works!
I have also made a CLI application that uses the above code and it works perfectly.
So: Something is wrong either with my certificate, the signing method, signature verification or something completely different. Any hints?
The certificate I generated with
keytool -genkey -keystore mystore -alias me
keytool -seflcert -keystore mystore -alias meI have tired both with and without the selfcert step.
Thanks! Erik

The problem has been identified: Placing registerProvider() in the constructor the error no longer occurs, instead an error is produced when the key store is loaded.
It appears that the javascript code is not trusted and so, even though the applet is signed, access privileges are restricted to those of the java script.
A solution to this problem is not clear, but possibly, serving the pages from a trusted server, the java script will be trusted, some documentation seem to indicate.

Access denied to a security provider on a signed applet

Hi,
I'm having permissions problems to work with a security provider.
The security provider is already installed at java.security. In fact, at Netbeans when debbuging the app it's working perfectly.
If I'm working the provider in an signed applet, then there are errors.
Even, I have created a .jar file and I have saved in the /ext directory, wich by default in the java.policy file has got all security permissions.
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
Even with these granted permissions, I'm getting problems to work with the security provider that I have installed. Also, with these permissions I should be able to install the security provider.
log:
<record>
<date>2012-03-13T12:13:39</date>
<millis>1331637219126</millis>
<sequence>17</sequence>
<logger>appletpdf.appletPdf</logger>
<level>SEVERE</level>
<class>appletpdf.appletPdf</class>
<method>applTest</method>
<thread>11</thread>
<message>excepcion: {0} </message>
<exception>
<message>java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunPKCS11-Provider-name)</message>
<frame>
<class>java.security.AccessControlContext</class>
<method>checkPermission</method>
<line>393</line>
</frame>
<frame>
<class>java.security.AccessController</class>
<method>checkPermission</method>
<line>553</line>
</frame>
<frame>
<class>java.lang.SecurityManager</class>
<method>checkPermission</method>
<line>549</line>
</frame>
<frame>
<class>net.sourceforge.jnlp.runtime.JNLPSecurityManager</class>
<method>checkPermission</method>
<line>250</line>
</frame>
<frame>
<class>sun.security.pkcs11.SunPKCS11</class>
<method>login</method>
<line>1036</line>
</frame>
<frame>
<class>sun.security.pkcs11.P11KeyStore</class>
<method>login</method>
<line>874</line>
</frame>
<frame>
<class>sun.security.pkcs11.P11KeyStore</class>
<method>engineLoad</method>
<line>764</line>
</frame>
<frame>
<class>java.security.KeyStore</class>
<method>load</method>
<line>1201</line>
</frame>
<frame>
<class>apppdf.appPdf</class>
<method>tPKCS11</method>
<line>174</line>
</frame>
<frame>
<class>appletpdf.appletPdf</class>
<method>applTest</method>
<line>137</line>
</frame>
<frame>
<class>appletpdf.appletPdf</class>
<method>initapplDPdf</method>
<line>116</line>
</frame>
<frame>
<class>sun.reflect.NativeMethodAccessorImpl</class>
<method>invoke0</method>
</frame>
<frame>
<class>sun.reflect.NativeMethodAccessorImpl</class>
<method>invoke</method>
<line>57</line>
</frame>
<frame>
<class>sun.reflect.DelegatingMethodAccessorImpl</class>
<method>invoke</method>
<line>43</line>
</frame>
<frame>
<class>java.lang.reflect.Method</class>
<method>invoke</method>
<line>616</line>
</frame>
<frame>
<class>sun.applet.PluginAppletSecurityContext$4</class>
<method>run</method>
<line>699</line>
</frame>
<frame>
<class>java.security.AccessController</class>
<method>doPrivileged</method>
</frame>
<frame>
<class>sun.applet.PluginAppletSecurityContext</class>
<method>handleMessage</method>
<line>696</line>
</frame>
<frame>
<class>sun.applet.AppletSecurityContextManager</class>
<method>handleMessage</method>
<line>69</line>
</frame>
<frame>
<class>sun.applet.PluginStreamHandler</class>
<method>handleMessage</method>
<line>273</line>
</frame>
<frame>
<class>sun.applet.PluginMessageHandlerWorker</class>
<method>run</method>
<line>82</line>
</frame>
</exception>
</record>
Fails in the line where the KeyStore is loading:(Pin is correct)
KeyStore myKeyStore=null;
Provider p = Security.getProvider("SunPKCS11-Provider-Name");
myKeyStore = KeyStore.getInstance("PKCS11",p);
char[] pinData = pin.toCharArray();
myKeyStore.load(null, pinData);
Any help would be apreciated.
Thank you.
Bye

Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
Do backup and restore privileges apply at all over a network mount created via "net use"?
The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
user, or is the access check still done with our sync process's run-as user?
We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
S-1-5-32-544" group.
On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.

NIGHTMARE! Signed Applet - No Access. Please Help.

Hi:
I'm trying to make a signed applet gain access to my directory structure.
I created a simple applet to test with one line:
sErr = System.getProperty("user.dir");
The code is below.
I sign it using the following:
keytool -genkey -keyalg rsa -storepass MyCerts
As you can see I'm using the default keystore but I've tried it by using -keystore MyKeystore too.
It runs me through all the questions which I answer, no problems.
Then I sign it:
jarsigner -signedjar SSignedApplet.jar SignedApplet.jar MyCerts
It asks for the passwords which I enter.
It completes without error and the SSignedApplet.jar file shows up in the directory.
If I open the signed jar file it has all 3 of the files in the META-INF folder and the Manifest file looks right to me.
I upload the jar and the Default.asp file to a Web server (I've tried localhost and a remote host).
I open the page and the pop up comes up asking if I want to trust the unverified applet. I click 'Run'.
Once the applet is 'Started' I click the 'Get Properties' button and I get the error:
access denied (java.util.PropertyPermission user.dir read)
I've tried 2 examples that work fine on my machine (that I didn't write).
The first is by Francois Orsini (Derby Demo) and the other is by Laura MacDougal (successfully wrote a file to my user.dir directory).
No matter what I do, I can't sign an applet and make it access anything.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<script language="JavaScript" type="text/javascript">

</script>
</head>
<body bgcolor="#ffffff" style="margin:0px auto;width:800px;padding:0px">
<form name="fmLogin" action="" method="POST">
<table width="650" align="center" cellpadding="0" cellspacing="0">
     <tr>
          <td>Login</td>
          <td><input name="Login"></td>
     </tr>
     <tr>
          <td>Password</td>
          <td><input name="Password"></td>
     </tr>
     <tr>
          <td colspan="2"><input type="button" onclick="getProp();" value="Get Property"></td>
     </tr>
</table>
</form>
<APPLET CODE="SignedApplet.SampleApplet.class" WIDTH=1 HEIGHT=1 NAME="SampleApplet" ARCHIVE="SSignedApplet.jar"></APPLET>
</body>
</html>
package SignedApplet;
import java.applet.*;
import java.io.*;
import java.util.*;
public class SampleApplet extends java.applet.Applet {
    public String sErr = "";
    public void init() {
        // TODO start asynchronous download of heavy resources
    public void getProp()
        try
            sErr = System.getProperty("user.dir");
        catch(Exception exp)
            sErr = exp.getMessage();
    // TODO overwrite start(), stop() and destroy() methods
}

Thank you for reading my reply in your other thread:
http://forum.java.sun.com/thread.jspa?threadID=762212&messageID=4368224#4368224
If you've really run through it you would have known that code called from
javascript is not trusted and you have to use doprivileged (hey its in bold...
why would that be?).
Call getProp from init within the applet and you've got no problem.
As for your imageIcon, creating one with string as a parameter
the string is used as input for a File. I had no problem loading one with a signed applet.
I'll post the example later in your other thread.

Display of certificate when accessing a signed applet

HI
I have a signed applet which obviously displays a Certificate whenever it is Accessed.Now i would like the certificate to be displayed only once ie. ONLY when the applet is accessed for the first time and the user accepts(trusts) the certificate.The next time the user access the applet i do
not want the certificate to be displayed again as he has already accepted (trusted)the certificate.
is there a way to do this?
best regards
sumesh

Your user must import your certificate and store it as a trusted CA -- see step #9 on the link shown below:
http://developer.java.sun.com/developer/qow/archive/167/index.jsp
V.V.

Signed applet - NO Grant access dialog

I've develped a signed applet which works with the java plugin 1.3.1 and a self signed certificate. while developing i followed the description from irene67 in this forum. every thing works perfektly apart from the grant access dialog. after installing my certificate and starting my applet nothing happens appart from an file.io.exceptino (access denied)! i've tried out everything i could find in about 200 articels in several forums. but in the meantime i have no idea what i can do! may be anybody can help me!

At some point the Plug-in switched from using the Windows Certificate Manager to using the cacerts file. If you're using Plug-in 1.3.1, then it's using the cacerts file to determine whether the jar is signed with a certificate chain that ends with a trusted ca. Use keytool to import your certificate into cacerts. If you've already tried that, then maybe list the commands that you've issued in your attempt so we can have a look.

Java.security.AccessControlException: access denied; for a signed applet

Hi,
I have a signed applet which is used to read local files. When I call the applet method which is reading the file, from javascript I am getting "java.security.AccessControlException: access denied ". Where as if the method gets called during applet load, file is read without errors? How can I get over this problem?
If there is a way loading the applet based on a condition from Javascript, please let me know.
Thanks,

[http://forums.sun.com/thread.jspa?forumID=421&threadID=5308353]

Problem with accessing Signed Applet from javascript method

Hi,
I am facing the following problem while accessing Signed Applet from javascript method.
java.security.AccessControlException: access denied (java.io.FilePermission c:/temp.txt read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at FileTest.testPerm(FileTest.java:19)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
     at sun.plugin.com.MethodDispatcher.invoke(Unknown Source)
     at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
     at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
I am using jdk1.5 for my development...
Can anyone help to resolve this security issue. Urgent...
Thanks in advance.

Hey thanks. I wasn't able to get it to work with that sample but I did find this very similar code that does allow javascript to call JFileChooser in an applets public method.
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction()
public Object run(){
//do your special code here
return null; //return whatever you want
It seems a bit tempermental in that if you don't select a file quickly, it will hang the browser....no perfect solution but I'm going in the right direction.
Thanks,
Scott

How to Randomfile access Non-Signed Applet?

How to access a file with RandomFile Access with a non-signed Applet?
Similar to this but with Random Seek,Read, Write.
BufferedReader inData = new BufferedReader(new InputStreamReader(home.openStream()));
Thank you

Have you looked at
http://java.sun.com/docs/books/tutorial/essential/io/index.html

Accessing Signed Applet Method From Javascript

Hi All,
In my intranet application i have to retrive the mac addres of the client using the applet. I have to capture the MAC Address and set it as a hidden value in the jsp page.
I have used the signed applet and able to retrive the mac address of the client using IE but I am not able to do the same on NN 7.1
Below is my javascript and the applet tag syntax, please help me if i am wrong anywhere
function mac()
var mval=document.myApplet.getWinMACAddress()
alert("addres" +mval)
document.loginform.js_value.value=mval
and the applet tag in my jsp page is
<applet code ="SignedAppletDemo.class" codebase="http://mysouthasia/AcadResource/jsp/" archive="SSignedApplet.jar" width=1 height=1 align=center name="myApplet" >
</applet>
Thanks in Advance

Since getWinMACAddress( ) seems to work just fine for IE, is there an equivalent for NN7.1?
What happens if I run Opera instead, and on a Linux system? Or Safari on OS X? Obviously getWinMACAddress( ) isn't going to work for that.
I really don't understand why so many Asian programmers get "Find the MAC address of..." as a homework assignment. There are many reasons why it isn't really practical to do so, and for examples, just search this forum for MAC addresses. Lots and lots of examples and counter examples.

Signed applet don't work on XP

Hi,
I'am currently working on a point-of-sale (POS) using windows XP/Firefox and a linux apache/jboss server.
I have developed a dynamic windows library in order to use an industrial printer connected to the POS to perform some printing without confirmation of the customer.
The POS is under Windows XP SP2 and use Firefox 2.0.0.11/JRE 1.5.0.14.
This dll is used by a signed applet located on the apache/jboss server.
The applet is correctly downloaded by the client, but normally i have to wait for the certicat authentification windows appearing and for confirming that i want execute the applet. And instead i have a java exception :
security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
security: Aucune information d'horodatage disponible
java.lang.NullPointerException
     at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
     at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
     at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
     at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
     at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
     at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
     at java.security.SecureClassLoader.defineClass(Unknown Source)
     at java.net.URLClassLoader.defineClass(Unknown Source)
     at java.net.URLClassLoader.access$100(Unknown Source)
     at java.net.URLClassLoader$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     at java.net.URLClassLoader.findClass(Unknown Source)
     at sun.applet.AppletClassLoader.findClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at sun.applet.AppletClassLoader.loadClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at sun.applet.AppletClassLoader.loadCode(Unknown Source)
     at sun.applet.AppletPanel.createApplet(Unknown Source)
     at sun.plugin.AppletViewer.createApplet(Unknown Source)
     at sun.applet.AppletPanel.runLoader(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
security: L'utilisateur a refus� les droits d'acc�s au code
basic: Taille de cache du chargeur de classes courant : 1
basic: Termin�...
basic: Jonction du thread d'applet...
basic: Destruction de l'applet...
basic: Elimination de l'applet...
basic: Sortie de l'applet...
java.lang.ExceptionInInitializerError
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
     at java.lang.reflect.Constructor.newInstance(Unknown Source)
     at java.lang.Class.newInstance0(Unknown Source)
     at java.lang.Class.newInstance(Unknown Source)
     at sun.applet.AppletPanel.createApplet(Unknown Source)
     at sun.plugin.AppletViewer.createApplet(Unknown Source)
     at sun.applet.AppletPanel.runLoader(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.C:\Program Files\BICImpression\impression_api.dll)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkLink(Unknown Source)
     at java.lang.Runtime.load0(Unknown Source)
     at java.lang.System.load(Unknown Source)
     at applets.impression.Impression.<clinit>(Impression.java:38)
     ... 11 moreand then the certicat authentification windows appears but it's too late, the applet won't never execute ...
the apache/jboss server is accessed via some gateway, firewal, ... tha t i can't control
the apache jboss/server on my own PC is accessed directly :
What is amazing, is that work fine with my own professionnal PC on W2000 SP4, with JRE1.5.0.14 and Firefox 2.0.0.11 :
when I look in the java console, the java freeze until i have answered this java security window (certicat authentification windows). And when i answered "run" no problem the applet makes her own job.
here is the code when it works :
security: La v�rification du certificat � l'aide des certificats AC racine a �chou�
security: Aucune information d'horodatage disponible
basic: Plugin modality.pushed
basic: Modalit� empil�e
basic: push javax.swing.JDialog[dialog0,379,296,519x323,layout=java.awt.BorderLayout,modal,title=Avertissement - S�curit�,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,22,513x298,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
basic: Chargement arr�t�...
basic: Arr�t de l'applet...Conclusion
POS : Win XP SP2, JRE1.5.0.14 (i tried 1.5.0.6 and 1.6.3 the latest), Firefox 2.0.0.11 (I tried 2.0.0.0 and 3 beta2 don't work anyway)
my own server/client : W2000 SP4, JRE1.5.0.14, Firefox 2.0.0.11
Linux server : RHEL4
It works with IE on the POS with the linux sever but it's not the selected browser.
It works with IE on the POS with my own server.
It works with Firefox on the POS with my own server.
It works with IE on my own server with the linux sever but it's not the selected browser.
It works with IE on my own server with my own server.
It works with Firefox on my own server with the linux sever.
It works with Firefox on my own server with my own server.
If you have some idea to make it work i'm you're buyer !!
Thank a lot for reading this, and i apologize for my poor english ...
greetings,
Benoit
Edited by: bendur on Feb 29, 2008 3:49 AM

Ok I have found my problem :
On every web pages, we have defined some inactivity timeouts.
On my own server I have disabled these timeouts but not on the distant timeout.
And it seems that the timeout (defined in javascript ont he web pages : 3s) has a very bad influence on the launching of my applet ... only with firefox (with IE and Opera no problem)
My problem is anwsered but the problem keep alive for firefox ...

Signed applet does not grant AudioPermission "record"

From what I gather, if I have a trusted signed applet sitting on a webpage and
the visitor accepts (runs) the applet, then they should not need to have:
grant {
permission javax.sound.sampled.AudioPermission "record";
in their java policy file. Well I have done all this (with a certificate from
Thawte) and posted a thorough example at:
http://www.livesite.net/JavaSoundTest
At the bottom of that page there is a "Check permissions" link which will alert
true/false if we have record permission. Clicking any "Record" link will
attempt to open a TargetDataLine.
My experience (and problem) is: record permission must be granted even though
the applet is signed by a trusted CA.
I would very much appreciate any help.
Are you able to record/playback (without granting record permission in your
java policy files) with the JavaSoundTest applet webpage?
Is there something I am missing?
------ More information ------
Java Control Panel -> Advance -> Security
'allow user to grant permissions to signed content' is checked
Reproducable on:
MS NT4 w/ IE6
MS Windows 2000 w/ Firefox 1.5
MS Windows XP w/ Firefox 1.5
MS Windows XP w/ IE6
Fedora FC6 w/ Firefox 2.0
Also, this happens with a commented-out record permission in the user
.java.policy file, or when the policy file does not exist.
------ Source code: opening the target data line ------
Using the JavaSoundTest applet page without granted permission, clicking a
record link will yield this exception in the java console:
java.security.AccessControlException: access denied (javax.sound.sampled.AudioPermission record)
at java.security.AccessControlContext.checkPermission
at java.security.AccessController.checkPermission
at java.lang.SecurityManager.checkPermission
at com.sun.media.sound.JSSecurityManager.checkRecordPermission
at com.sun.media.sound.DirectAudioDevice$DirectDL.implOpen
at com.sun.media.sound.AbstractDataLine.open
at net.livesite.jsound.Recorder.run(Recorder.java:161)
while opening a TargetDataLine as:
23 private static TargetDataLine line;
157 line = (TargetDataLine) AudioSystem.getLine( lineInfo );
158
159 try
160 {
161 line.open( format, (int) format.getSampleRate() );
162 }
------ Source code: Using the security manager ------
The "Check permissions" link on the TestJavaSound applet page calls this method:
191 public boolean hasSoundRecPriv()
192 {
193 boolean ret = false;
194
195 try
196 {
197 SecurityManager sm = System.getSecurityManager();
198 if (sm != null)
199 {
200 sm.checkPermission(new AudioPermission("record"));
201 }
202 ret = true;
203 }
204 catch(SecurityException e)
205 {
206 ret = false;
207 }
208
209 return ret;
210 }
(This is a continued post from JAVASOUND-INTEREST at SUN.COM)

Is there something I am missing?1) Applets are not well supported by Sun,
and are inherently problematic as a reult
of that.
2) My experience suggests that the diagnotics
applet is not reliable for detecting JMF.
3) I guess the JMF applet is doing checks of
policy files, despite the signed code.
You might circumvent most of these problems,
by using web-start to launch an application.
Here are some of my tests at launching
JMF using web-start.
http://www.javasaver.com/testjs/jmf/

Signing applets/ access controll violations

Similar Messages

Maybe you are looking for